SDKs are for front-end operations only, which use your public API key for security. The only frontend operations are tokenizing and authenticating. This way, sensitive data never passes through your (or even our) servers as the libraries directly handle tokenization.
All operations that actually affect money flow (authorize, capture, refund) must be done from your backend using the private API key.