Keys

The Keys tab holds the assistant's API key — the accessToken an embed uses when the security mode is API.

  • The key is shown with an expiration date and can be renewed.
  • Renewing invalidates the old key; update every embed and integration afterward.
  • A None-mode assistant needs no key; an OIDC-mode assistant uses your

provider's token instead.

  • The API key is a public identifier, not a secret — it's visible in the

page source of any site that embeds the assistant. Use it to identify the assistant in scenarios like intranets or soft-gated access. For stronger protection, combine it with allowed origins or switch to OIDC authentication.


Contact us

Still need help?

Tell us what you want your website assistant to answer. We will help you map the right content, controls, and launch path.