The Security screen controls who can access your Airgentic service, which websites are permitted to embed it, and API access to analytics data.
When enabled, the chat widget is restricted — only authorised users can interact with it. When disabled, the service is publicly accessible to anyone who visits the page it is embedded on.
Use this setting for internal tools, intranet deployments, or any service that should not be available to the general public.
A list of website origins that are permitted to embed or host the Airgentic frontend. Requests from any origin not on this list will be blocked by the browser's cross-origin policy.
https://www.example.comThis setting should include every domain where your widget is embedded. If you see the widget failing to load or API calls being blocked in the browser console, an unlisted origin is the most common cause.
An API key that grants programmatic read access to raw analytics data via the GET /api/insights/raw endpoint.
Pass the key in the api-key request header when calling the endpoint.
| Action | Description |
|---|---|
| Generate | Creates a new API key. Only available when no key exists. |
| Regenerate | Replaces the existing key with a new one. The old key is immediately invalidated — any integrations using it will need to be updated. |
| Copy | Copies the key to your clipboard. |
| Delete | Removes the key entirely. The endpoint will reject all requests until a new key is generated. |
Store the API key securely. It is displayed in full only on this screen.