API Keys
Manage your API keys for Aidkit integration
API keys are used to authenticate your application with Aidkit. Keep your API keys secure and never expose them in client-side code.
Creating an API Key
- Navigate to Settings > API Keys in your dashboard
- Click Create API Key
- Give your key a descriptive name (e.g., "Production", "Development")
- Copy the key immediately - it won't be shown again
API keys are only shown once when created. Store them securely. If you lose a key, you'll need to create a new one.
Use in the Browser Script
For the embeddable form, use your API key in the init call:
window.Aidkit.init({
apiKey: "ak_xxxxxxxxxxxxx",
});Security Best Practices
Do
- Use environment variables to store API keys
- Use different keys for development and production
- Rotate keys periodically
- Delete unused keys
Don't
- Commit API keys to version control
- Share keys via insecure channels
- Use production keys in development
- Expose keys in client-side JavaScript (for server-side operations)
Environment Variables
Store your API key in environment variables:
# .env.local
AIDKIT_API_KEY=ak_xxxxxxxxxxxxxThen use it in your code:
// Server-side only
const apiKey = process.env.AIDKIT_API_KEY;For the embeddable form, the API key must be included in the client-side JavaScript. This is safe because the key is scoped to creating tickets only.
Revoking Keys
To revoke an API key:
- Go to Settings > API Keys
- Find the key you want to revoke
- Click the delete button
- Confirm the deletion
Revoking a key is immediate and permanent. Any applications using the revoked key will stop working immediately.
Rate Limits
API keys have rate limits to prevent abuse:
| Tier | Requests per minute |
|---|---|
| Free | 60 |
| Pro | 300 |
| Enterprise | Custom |
If you exceed the rate limit, you'll receive a 429 Too Many Requests response.