Identifiers & keys
How to create a Moviie account, get a publishable key, and configure bundle IDs for native playback.
Get a publishable key
Every API request from the SDK requires a publishable key (mvi_pub_*). Here is how to get one:
- Create a Moviie account at app.moviie.ai/signin.
- After signing in, open Organization Settings → API Keys.
- Click Create key, choose the Publishable type, and give it a name (e.g.
mobile-prod). - Copy the key: it starts with
mvi_pub_. - Add it to your project as an environment variable:
# .env.local
EXPO_PUBLIC_MOVIIE_PUBLISHABLE_KEY=mvi_pub_your_key_here- Pass it to
<MoviieProvider>at the root of your app:
import { MoviieProvider } from "@moviie/player-expo"
<MoviieProvider publishableKey={process.env.EXPO_PUBLIC_MOVIIE_PUBLISHABLE_KEY}>
<App />
</MoviieProvider>Never use a secret key (
mvi_priv_*) in a mobile or web client. Secret keys are for server-side integrations only. The playback endpoint rejects them automatically.
Bundle IDs
Organizations can restrict native clients using allowed_bundle_ids. The SDK sends bundle_id inside the x-moviie-client header:
x-moviie-client: bundle_id=com.company.app;platform=ios;sdk=1.4.0Requests without a bundle ID are rejected when the organization configures an allow-list (except in development).
Publishable vs secret keys
| Prefix | Usage |
|---|---|
mvi_pub_* | Ship inside mobile or web clients for playback-scoped calls only. |
mvi_priv_* / legacy mvi_* | Server-side integrations: never embed in client binaries. |
Administrative REST routes reject publishable keys automatically (requireAdminApiAuth).
Playback endpoint
GET /api/v1/embeds/{embedId}/playback requires a publishable API key (mvi_pub_*), sent as Authorization: Bearer … or x-api-key. Private keys are never accepted on this route, even if they include playback:read. Send x-moviie-client from native SDKs so bundle allow-list rules apply.