DocumentationAPI Keys Guide
API Keys
AsroChat uses API keys for authentication between the client-side SDK and our backend servers. Manage your keys in the Dashboard to monitor usage and secure your domains.
Finding Your Key
Dashboard → My Bots → [Your Bot] → API Keys
Authentication Header
The SDK and internal calls use the x-api-key header for authentication.
// Client-side initialization
AsroChatSDK.init({
apiKey: 'ASRO_API_KEY_123',
botId: 'bot-uuid-999'
});Never share your API keys or commit them to public GitHub repositories.
Security Best Practices
Do
- Use environment variables for server-side code.
- Restrict keys to specific production domains.
- Rotate keys if you suspect they have been compromised.
- Monitor credit consumption from the dashboard.
Don't
- Hardcode keys in plain text in public repositories.
- Share keys via email or chat applications.
- Use the same key across multiple different projects.
- Disable domain restrictions for production applications.
Domain Restrictions
To prevent unauthorized usage, you can whitelist specific domains for your API key in the Dashboard. Requests from non-whitelisted domains will be rejected with a 403 Forbidden error.