Keys
The Keys tab holds the assistant's API key — the accessToken an embed uses when the security mode is API.
- The key is shown with an expiration date and can be renewed.
- Renewing invalidates the old key; update every embed and integration afterward.
- A None-mode assistant needs no key; an OIDC-mode assistant uses your
provider's token instead.
- The API key is a public identifier, not a secret — it's visible in the
page source of any site that embeds the assistant. Use it to identify the assistant in scenarios like intranets or soft-gated access. For stronger protection, combine it with allowed origins or switch to OIDC authentication.