Prepare for Release
Move a JavaScript game from developer-billed testing to production
Prepare for Release
During development the SDK runs on a developer token, and AI usage is billed to your account. In production, omit the developer token so the SDK uses player authentication — each player signs in with their own PlayKit account and pays for their own AI usage. This page covers the switch.
Remove the Developer Token
When no developerToken is present in the configuration, the SDK runs in player mode and presents the login flow automatically. The task is therefore to ensure the token is absent from production builds.
A bundler inlines whatever value an environment variable holds at build time. The token only reaches your bundle if it is defined in the build environment — so read it from a variable that exists only in local development, and never define that variable in CI or production:
const sdk = new PlayKitSDK({
gameId: 'your-game-id',
// Read from a local-only env var (e.g. a git-ignored .env.local).
// Undefined in production builds, so the SDK uses player authentication.
developerToken: import.meta.env.VITE_PLAYKIT_DEV_TOKEN, // Vite
// Next.js (browser): process.env.NEXT_PUBLIC_PLAYKIT_DEV_TOKEN
// Node / server: process.env.PLAYKIT_DEV_TOKEN
});- Put the token in a git-ignored local file (for example
.env.local); never commit it. - Do not define the variable in your CI or production build. Production builds then inline
undefined, and the SDK uses player authentication. - After building, search the output bundle for the token string to confirm it is absent (for example
grep -r "<token-prefix>" dist/).
A import.meta.env.DEV ? token : undefined guard does not by itself guarantee removal — it only lets the bundler tree-shake the value when minification is enabled, and the import.meta.env syntax is Vite-specific. The dependable safeguard is keeping the token out of the production build environment, then verifying the built bundle. Unlike a player token, a leaked developer token bills AI usage to the developer account.
Production Settings
- Leave
debugat its default (false) so verbose logging is disabled in production. - Set
baseURLonly if you use a custom endpoint; otherwise leave it unset. - Configure default models (
defaultChatModeland related options) to match your game.
Branding
Configure the name, description, logo, and key art shown on the player sign-in and authorization screen. This is set on the PlayKit platform, not in the SDK — see Setting Up Branding.
Release Checklist
- Branding (name, logo, key art) is configured — see Setting Up Branding.
- No
developerTokenis present in the production build. - The login flow appears for an unauthenticated player, and the red DeveloperToken indicator is gone.
- AI calls are billed to the player's account.
Next Steps
- Authentication — full authentication reference
- Backend Services — server-side token handling