Authentication

API keys, scopes and secure access sessions.

API key types

Publishable (pk_) — safe in browsers, powers the widget
Secret (sk_) — server-side only, full REST access

Authenticating requests

Send your secret key as a bearer token on every server-side request.

curl https://api.supportflow.ai/v1/tickets \
  -H "Authorization: Bearer sk_live_xxxxxxxx"

Scopes

tickets:read / tickets:write
knowledge:read / knowledge:write
ai:resolve
admin:manage

Secure access sessions

Sensitive admin actions require a short-lived secure session confirmed with an OTP. Sessions expire automatically and every action is audit-logged.

See it in your app
in 2 minutes.

Embed the widget, connect your knowledge base, and give every user instant help — with full context for your team.

Start free trial Try the widget