ServerTrack.io

Understanding Your Authentication Key

Last updated: January 28, 2026 • 3 min read

Learn what your authentication key is, why it's important, and how to keep it secure. This key is required for all tracking requests.

What is an Authentication Key?

Your Authentication Key is a unique 40-character alphanumeric string that identifies your Server Deck and authorizes tracking requests. Every event sent to ServerTrack must include this key to ensure your data is routed to the correct server configuration.

Example: ABC123XYZ789DEF456GHI012JKL345MNO678PQR

Where to Find Your Authentication Key

  1. Log in to your ServerTrack dashboard
  2. Select your Server Deck from the list
  3. Scroll to the "Overview" or "Edit Configuration" section
  4. Your Authentication Key will be displayed prominently
  5. Click the copy icon to copy it to your clipboard

Security Tip: Your authentication key is automatically included in the tracking script code provided in your dashboard. You don't need to manually add it unless you're building a custom integration.

How It Works

When you install the ServerTrack tracking script on your website, the authentication key is embedded in the script URL:

<script>
(function(w, d, u, k) {
    w.ServerTrack = w.ServerTrack || {};
    w.serverTrackQueue = [];
    w.st = function() { w.serverTrackQueue.push(arguments); };
    var s = d.createElement('script'); s.async = 1; 
    s.src = u + '?key=' + k; 
    var h = d.getElementsByTagName('script')[0]; h.parentNode.insertBefore(s, h);
})(window, document, 'https://data.yoursite.com/tracker.js', 'YOUR_AUTHENTICATION_KEY_HERE');
</script>

The server uses this key to:

  • Identify which Server Deck configuration to use
  • Validate that the request is authorized
  • Route events to the correct platform integrations
  • Track usage against your plan limits

Security Best Practices

Keep It Secure

  • Never share your authentication key publicly - Treat it like a password
  • Don't commit it to version control - Use environment variables if storing in code
  • Only use it in server-side code - While it's visible in the browser (it's in the script URL), you should avoid exposing it unnecessarily

Monitor for Unauthorized Use

Regularly check your ServerTrack dashboard for:

  • Unexpected spikes in event volume
  • Events from unknown domains or IP addresses
  • Unusual patterns in your event logs

Regenerating Your Authentication Key

If you suspect your key has been compromised or want to rotate it for security:

Warning: Regenerating your authentication key will immediately invalidate your old key. You'll need to update the tracking script on all your websites with the new key. Tracking will stop working until the script is updated.

  1. Go to your Server Deck settings
  2. Find the Authentication Key section
  3. Click "Regenerate Key"
  4. Confirm the regeneration
  5. Copy the new key
  6. Update your tracking script immediately on all websites using this Server Deck

Troubleshooting

"Invalid Authentication Key" Errors

If you're seeing "Invalid Authentication Key" or "401 Unauthorized" errors:

  • Verify the key in your dashboard matches the key in your script
  • Check for extra spaces or characters when copying
  • Ensure you're using the correct Server Deck's key
  • Clear your browser cache and reload the page

For more detailed troubleshooting, see our Authentication Key Errors guide.

Was this article helpful?

Please log in to provide feedback on this article.