# Secrets

Secrets are used for authenticating requests through hash digests or encrypted data in client-side environments where generating a consent token is too complicated.

A few use cases where secrets are used:

* When passing a user ID to a Didomi SDK, a hash digest should be computed and provided to authenticate that user ID.
* When loading proofs in a public context. For instance, if you are embedding a consent proof in emails, the proof URL will need to be authenticated via a hash digest.

The `/secrets` API endpoint gives access to the secrets that are available to an organization on the Didomi platform and that can be used wherever a secret is required.

We recommend using different secrets by environment (development, staging, production, etc.) and by platform (web, mobile, email, etc.).
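
The sketch below shows the user ID use case computed on a backend, with one secret per environment and platform. It is an added example, not Didomi code. It assumes the digest is an HMAC-SHA256 of the raw user ID encoded as hex, and the function names and sample secrets are hypothetical; take the algorithm and input format your SDK expects from its own documentation.

```javascript
const crypto = require('node:crypto');

// Constructed sample secrets, one per environment and platform.
// Real values belong in a server-side secret store, never in client code.
const SECRETS = new Map([
  ['production:web', { id: 'sample-secret-id-prod-web', value: 'sample-value-prod-web' }],
  ['staging:web', { id: 'sample-secret-id-stg-web', value: 'sample-value-stg-web' }],
]);

// Look up the secret for a context and fail closed if none is configured.
function getSecret(environment, platform) {
  const secret = SECRETS.get(`${environment}:${platform}`);
  if (!secret) {
    throw new Error(`No secret configured for ${environment}/${platform}`);
  }
  return secret;
}

// Compute the digest that authenticates userId (assumed scheme: HMAC-SHA256, hex).
// Only the secret ID and the digest are returned; the secret value stays on the server.
function signUserId(userId, environment, platform) {
  if (typeof userId !== 'string' || userId.length === 0) {
    throw new TypeError('userId must be a non-empty string');
  }
  const secret = getSecret(environment, platform);
  const digest = crypto
    .createHmac('sha256', secret.value)
    .update(userId, 'utf8')
    .digest('hex');
  return { userId, secretId: secret.id, digest };
}

// Recompute the digest and compare in constant time.
// Malformed or truncated hex yields a length mismatch and is rejected.
function verifyUserId(userId, digest, environment, platform) {
  const expected = Buffer.from(signUserId(userId, environment, platform).digest, 'hex');
  const received = Buffer.from(String(digest), 'hex');
  return received.length === expected.length && crypto.timingSafeEqual(received, expected);
}
```

Because each context has its own secret, a digest issued for staging does not verify in production, and rotating one secret leaves the other platforms untouched.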

{% hint style="danger" %}
Secrets are meant to be reused and organizations are limited to 300 secrets.
{% endhint %}

## Create a secret

Send a `POST /secrets` request to create a new secret. You will need to specify a name to help identify what the secret is used for. The actual secret value will be automatically generated.

**Example**

```javascript
POST /secrets

BODY
{
  "name": "User ID in Web SDK",
  "organization_id": "organization_id"
}
```

[See the API documentation for more details on this endpoint.](https://api.didomi.io/docs/#/consents%2Fevents/post_consents_events)
