Use service tokens for private work
Data, files, message history, and AI routes require a service token in trusted server code. Do not expose service tokens in a browser bundle.
import { createDeployletClient } from "@deploylet/sdk";
const deploylet = createDeployletClient({
space: "launch-preview",
serviceToken: process.env.DEPLOYLET_RUNTIME_TOKEN,
});
await deploylet.data.collection("events").insert({ source: "checkout" });Browser keys are deliberately narrow
Publishable browser keys are limited to realtime publishing and must be bound to explicit HTTPS origins. They do not grant private data, file, history, or AI access.
Current realtime model
Deploylet supports authenticated event publishing and message history polling today. Live WebSocket or SSE fan-out is not part of the current runtime.