Endpoints, API keys, scopes, rate limits, and errors.
Bearer token
Exchange your API key for a short-lived session token and include it in the Authorization header.
Rate limits
Rate limits are returned in response headers. When exceeded, the API returns HTTP 429. Implement exponential backoff for retry logic.
Error format
All errors return a JSON body with a machine-readable code and a human-readable message.
Public key
Safe for client-side use. Scoped to your allowed domains. Used by the widget and React component.
Secret key
Server-side only. Full API access. Never expose in frontend code or public repos.
The JavaScript SDK wraps the API for a faster integration experience.
View SDK Docs