Projects are a grouping of related data structures.
A project holds collections, models, records, media, templates and webhooks.
Resources inside projects can not be shared to other projects.
Project access can be shared by many users.
All projects have their own secret API key generated for them when they are first created. Similar to a password for an account. This allows access to your project's data without unwanted hackers seeing your important data.
Project API keys should not be shared with users that are not intended to have access to your data. Therefore we recommend never exposing your project API key to the public or else someone may use it to access and delete your data.
If your project API key was compromised, you should rotate your API key as soon as possible to prevent any unwanted changes to your data. You may do this in the project settings page.
As soon as you rotate your API key, all existing API calls using your previous API key will no longer work and you must replace them with your new key.
To prevent further access to your project, all API endpoints related to projects must include your user OAuth bearer token in the header to prevent hackers from rotating project API keys without notice.