Board identifiers and publishable keys
Choose a stable, public-safe identifier for SDK requests.
A
JThe board option tells the API which job board a request belongs to. Use the board’s immutable pk_… publishable key in every deployed frontend.
Accepted identifiers
createBoardClient accepts three board identifiers:
| Identifier | Example | Recommended use |
|---|---|---|
| Publishable key | pk_0123456789abcdef0123456789abcdef | Deployed and local frontends |
| Internal board ID | boards_… | Internal diagnostics when Cavuno gives you the ID |
| Board slug | example-careers | Short-lived local investigation only |
Slugs are operator-mutable. A rename can break a frontend that uses the old slug. The publishable key remains the deployment-safe identity.
Configure the client
Keep the API URL and key in the framework’s environment configuration:
12345import { createBoardClient } from '@cavuno/board';export const board = createBoardClient({board: process.env.PUBLIC_CAVUNO_BOARD!,});
The SDK uses https://api.cavuno.com by default. Only pass baseUrl when Cavuno supplies a different environment, and pass the origin only—the client adds the version and encoded board identifier.
Frameworks expose public values differently. Use NEXT_PUBLIC_CAVUNO_BOARD in browser-visible Next.js code or VITE_CAVUNO_BOARD in a Vite browser bundle, but pass the value to the same board option.
What the publishable key grants
A publishable key:
- Selects one board.
- Is intended to be present in public frontend code and requests.
- Does not authenticate a candidate or employer.
- Does not grant access to Cavuno’s operator/admin API.
- Does not bypass board-password or feature entitlement checks.
A board-user access token is different. It represents a person and must be protected according to your session architecture. Never substitute it for board or put it in a public environment variable.
Verify the key before building routes
1234567const context = await board.context();console.log({id: context.id,slug: context.slug,name: context.name,});
Compare the returned name and slug with the board you intended to connect. This catches a well-formed key copied from the wrong environment or board.
For an automated static and runtime check, export the canonical variables in the shell and run:
1npx @cavuno/board doctor
The CLI reads process.env; it does not automatically load your framework’s .env file. Doctor requires a pk_ key followed by 32 hexadecimal characters and then resolves the board context. A skipped frontend probe means that frontend behavior was not tested; add --frontend <url> once the application is running.
Common failures
boards_not_found
The identifier does not resolve. Re-copy the key and check that the application is using the intended environment file at runtime.
A browser request targets the wrong board after deployment
Public environment values can be fixed at build time by some frameworks. Confirm which deployment stage injects the value and rebuild when changing it.
A key appears in browser developer tools
That is expected for a publishable key. Investigate only if the value is a bearer token, refresh token, or operator credential.
Next, decide who owns authentication and sessions.