Use the PUBLIC key
Avoid PCI requirements - call client side!
If you collect card data and send the tokenization server-side, you will transmit cardholder data, hence you will require PCI certification. This API will only help you to avoid the PCI certification requirement if it is called client side, direct from the clients browser to HIPS. The token you receive from the tokenization api can however be stored server-side, and then be used for all future communication with HIPS in regards to the underlying card.
Read more about the Tokenization here: Client Side Tokenization (hips.js)