Skip to content

Server SDKs

The server SDKs send events from your backend with your project’s secret write key. Events sent this way are facts: the platform marks them source=server and verified=true, because holding the secret key is the authentication. That is what makes them the right channel for anything money or messaging depends on — orders, refunds, subscription changes — instead of a track('purchase') in the browser that anyone can fake from the console.

They are deliberately small. No autocapture, no session replay, no persisted identity: you pass the distinct_id on every call. Five languages, one shared specification — same behavior, same wire format, same test vectors, so what you learn in one holds in the others.

Language Package Repository
PHP composer require kilden/kilden-php kilden-sdk-php
Node.js npm install @kilden-io/node kilden-sdk-node
Python pip install kilden kilden-sdk-python
Ruby gem install kilden --pre kilden-sdk-ruby
Go go get go.kilden.io/sdk kilden-sdk-go

The PHP core also powers kilden/laravel, which adds a facade, queued delivery and a ready-made POST /kilden/identity route to a Laravel app.

Server SDKs take the secret key (sk_…), never the public one. The constructor rejects a public key outright. The inverse also holds: the secret key must never reach a browser — treat it like a database password. See trust levels for the full model.

  • Eventstrack, identify, alias, batched in memory and delivered in the background with retries, gzip and idempotent UUIDs. You call close() on shutdown; everything else is automatic (in PHP-FPM the shutdown hook flushes after the response is sent).
  • Identity signingIdentitySigner produces the short-lived JWT that identity verification needs, in three lines, with no JWT dependency. This is the reason these SDKs exist.
  • Feature flagsisEnabled / getFeatureFlag evaluated by Kilden (/decide) with a 30-second in-process cache, a hard timeout and a default you control, so your request path never hangs on us.

Start with the quickstart: first event, identify and a signed identity token in each language.