Authentication & API Keys

Petameta uses API keys to authenticate incoming requests from your application or website.
There are two types of keys:

API Key Types

1. Admin API Key

  • Used for backend server requests
  • Allows full access to the Chat API
  • Should NEVER be exposed in frontend code
  • Use only in server-to-server interactions

2. Site API Key (Widget Key)

  • Used by the Web Widget
  • Scoped to a specific domain
  • Safe to expose in your website’s HTML
  • Limited permissions

Request Headers

Every Chat API request must include:

```http
Content-Type: application/json
X-API-Key: YOUR_API_KEY
```

```json
{
  "user_id": "temp_user_001",
  "session_id": "sess_abc123",
  "message": "Hi, I need help"
}
```

API Key Rotation

You can rotate keys at any time.

When generating a new key:

  1. Update your server environment variable
  2. Deploy your backend
  3. Update widgets on your website if needed

Security Recommendations

  • Never store Admin API Keys in frontend JavaScript
  • Use environment variables (.env) on your server
  • Treat keys like passwords
  • Rotate keys every 3–6 months
  • Disable old API keys after migration
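
The server-to-server pattern described for the Admin API Key, as an added example that is not Petameta's own code: the browser posts only the message fields to your backend, and the backend attaches the key from its environment. The environment variable names `PETAMETA_ADMIN_API_KEY` and `PETAMETA_CHAT_URL`, the use of POST, and the function names are assumptions made for illustration.

```javascript
// Added example: server-side relay for Chat API calls (Node.js 18+, global fetch).
// Assumed, not from the Petameta docs: env var names, the endpoint URL, the POST method.
const ALLOWED_FIELDS = ["user_id", "session_id", "message"];

function buildChatRequest(clientBody, env) {
  const key = env.PETAMETA_ADMIN_API_KEY; // hypothetical variable name
  const url = env.PETAMETA_CHAT_URL;      // hypothetical; use the URL from your account
  if (!key || !url) {
    // Fail closed at startup/request time instead of sending an unauthenticated call
    throw new Error("PETAMETA_ADMIN_API_KEY and PETAMETA_CHAT_URL must be set on the server");
  }
  // Copy only the documented body fields; anything else sent by the browser
  // (including a client-supplied key or extra properties) is dropped.
  const body = {};
  for (const field of ALLOWED_FIELDS) {
    const value = clientBody ? clientBody[field] : undefined;
    if (typeof value !== "string" || value.length === 0) {
      throw new Error(`missing or invalid field: ${field}`);
    }
    body[field] = value;
  }
  return {
    url,
    options: {
      method: "POST",
      headers: { "Content-Type": "application/json", "X-API-Key": key },
      body: JSON.stringify(body),
    },
  };
}

async function relayChat(clientBody, env = process.env) {
  const { url, options } = buildChatRequest(clientBody, env);
  const res = await fetch(url, options);
  if (!res.ok) {
    // Report the status only; never log or echo request headers, they carry the key
    throw new Error(`Chat API returned HTTP ${res.status}`);
  }
  return res.json();
}
```

Because the key is read from the environment on each call, rotating it only requires updating the variable and redeploying the backend, as in the rotation steps above.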