There are different configurations for the client and tools SDKs. While it is possible to include all key components (both the api key and client key) required in order to use both at the same time (and this is fine for testing on your own equipment), the secret component of your Cogs API key should never be placed into an app, a consumer device, or field unit.
An example of each type of config are included in this repository in the
cogs-client.json for the tools and client APIs respectively.
The tools SDK requires that the
api_key.secret fields be populated.
The client SDK requires that the
client_key.secret fields be populated.