Generate an Assistant API Key

If your assistant's security mode is API, it needs a key before it can load anywhere outside the dashboard — think of the key as its password for the open web. Keys live on the assistant's Keys page ("Open public key management").

Steps

  1. Open the assistant and its Keys tab.
  2. Create a key if there isn't one.
  3. Reveal and copy it.
  4. Store it somewhere safe, and use it as the accessToken in your embed.

Verify the Result

The key shows up with an expiration date, and you can renew it before it lapses.

Public assistants need no key

If the security mode is None, there's no key to generate — anyone on an allowed origin can load it. Only API and OIDC modes need a token.

The API key is a public identifier

The key is visible in the page source of any site that embeds the assistant — it identifies which assistant to load, not who is allowed to use it. Security comes from allowed origins and the authentication mode, not from keeping the key secret. See Secure Your Assistant.

Troubleshooting

  • If you want to stop an old key from working, renew it on the Keys tab and update your embeds.

Contact us

Still need help?

Tell us what you want your website assistant to answer. We will help you map the right content, controls, and launch path.