Documentation

Public API Key

Beta

The Public API key lets you embed Siren alerts and data directly into your website or app. Unlike private keys, a public key is tied to a specific origin (your domain) so it can be used safely in client-side code without exposing full access.

How Origin Works

What is origin?

When you create a public key, you specify the domain where it will be used (for example, myapp.com or https://www.myapp.com). This is called the origin. The API only accepts requests that come from that exact domain.

Why does it matter?

Because public keys can be used in the browser, anyone could copy your key from the page source. By binding the key to your origin, we ensure that even if someone copies it, they cannot use it from their own site. Your key only works when requests come from your approved domain.

What you need to provide

When creating a public key, you will be asked for the origin of your application. Use the full domain where your app runs (e.g. https://example.com). Make sure it matches exactly what appears in the browser address bar when users visit your site.

Low Priority

Alerts delivered through the client socket are sent with low priority. This means they may arrive slightly later than on the standard connection, which is optimized for server-side integrations. For most web apps and dashboards, this delay is negligible.

Per-User Limits

Public API usage is subject to a per-user rate limit. This limit applies to both socket connections and HTTP requests. If you exceed the limit, you will receive a 429 response and will need to wait before making more requests. The limit is shared across all endpoints and connections using your public key.