Secret API keys are used to authenticate your server-side code, while publishable API keys are used to authenticate your client-side code.