API keys

Creating, scoping, and rotating Frametail API keys safely.

Storage

Treat keys like passwords. Store them in secret managers — not git repositories or client-side bundles for public apps.

Rotate on a schedule and immediately after suspected compromise. Frametail keys are prefixed with ft_ for easy detection in logs.

Issue separate keys per service where possible so revocation is surgical.

Usage and quotas

Understanding consumption signals and staying within plan limits.

Dashboard sign-in (Clerk)

How end users authenticate to the Frametail web application.