API Keys
API keys authorize backend access for widgets, SDK clients, custom tools, and external integrations.
API Keys
API keys authorize backend access for widgets, SDK clients, custom tools, and external integrations.
What A Key Can Control
Each key can include:
- a name
- one or more permissions
- allowed origins
- a per-minute rate limit
- active or inactive status
Supported permissions are:
| Permission | Use it for |
|---|---|
| chat | Chat and streaming endpoints |
| retrieve | Retrieval-only queries and some voice tool flows |
| ingest | Programmatic content ingestion |
Important Behavior
- raw keys are only shown once when created
- inactive keys stay listed but cannot authenticate requests
- the system may create a bootstrap retrieve key for voice tooling when needed
Good Key Hygiene
- create separate keys for separate use cases
- limit permissions to the minimum required
- set allowed origins for browser-based use where possible
- rotate keys when ownership changes
- delete old keys instead of leaving them dormant forever
Typical Examples
Widget or frontend integration
Use a key with only the permissions the integration actually needs, plus allowed origins.
Retrieval-only internal search
Use a retrieve-only key.
Content ingestion workflow
Use an ingest key that is not shared with chat clients.
Related Docs
API Reference
Interactive endpoint docs for chat, retrieval, and source management.
Tools
Enable built-in tools and create custom HTTP tools for your agent.
MCP Servers
Connect GitHub, Slack, Notion, databases, and external systems.