Yes, but we store the admin key in your browser and the invoice key on the server since that's where we coordinate autowithdrawals and p2p zaps. We don't want to store spending permissions on the server so we need something restricted to receives for the server.