Documentation Index
Fetch the complete documentation index at: https://docs.kataven.ai/llms.txt
Use this file to discover all available pages before exploring further.
pk_live_ keys are public identifiers in HTML — they’re not credentials, domain allowlists keep them safe. Wrapped by the Python SDK and Node SDK.
Endpoints at a glance
| Method | Path | Summary |
|---|
GET | /api/v1/widget-keys | List widget keys |
POST | /api/v1/widget-keys | Create a widget key (returns plaintext pk_live_ ONCE) |
PATCH | /api/v1/widget-keys/{id} | Update or revoke a widget key |
DELETE | /api/v1/widget-keys/{id} | Delete or soft-disable a widget key |
Reference
List widget keys
Returns metadata for every pk_live_ widget key in this account. The plaintext key value is never returned by this endpoint — only the last 8 characters and the row id. To recover a lost key, create a new one.
Responses
| Code | Description | Body |
|---|
200 | OK | array<data.WidgetKey> |
400 | Missing X-Account-ID header | string |
401 | Missing or invalid bearer token | string |
500 | Database error | string |
curl https://api.kataven.ai/v1/widget-keys \
-H "Authorization: Bearer $KATAVEN_API_KEY"
POST /api/v1/widget-keys
Create a widget key (returns plaintext pk_live_ ONCE)
Mints a new pk_live_ public identifier scoped to the caller’s account. The plaintext value is returned in the response body and never again — paste it into the customer’s HTML <script data-client-key="..."> attribute.
Request body (application/json)
Schema: handlers.CreateWidgetKeyRequest. Server-set fields (id, created_at, updated_at, …) are ignored if supplied; only the user-settable fields are shown below.
| Field | Type | Description |
|---|
agent_id | string | e.g. agent_01HZ2N7G3K8M0Q5R7T9V2X4Y6Z |
domain_allowlist | array<string> | e.g. ['https://acme.com', 'https://www.acme.com'] |
name | string | e.g. acme.com production |
| Code | Description | Body |
|---|
201 | Created | data.CreatedWidgetKey |
400 | Invalid body or name required | string |
401 | Missing or invalid bearer token | string |
500 | Database error | string |
curl https://api.kataven.ai/v1/widget-keys \
-X POST \
-H "Authorization: Bearer $KATAVEN_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"agent_id": "agent_01HZ2N7G3K8M0Q5R7T9V2X4Y6Z",
"domain_allowlist": [
"https://acme.com",
"https://www.acme.com"
],
"name": "acme.com production"
}'
| Name | In | Type | Required | Description |
|---|
id | path | string | Yes | Widget key id (uuid) |
application/json)
Schema: handlers.UpdateWidgetKeyRequest. Server-set fields (id, created_at, updated_at, …) are ignored if supplied; only the user-settable fields are shown below.
| Field | Type | Description |
|---|
agent_id | string | e.g. agent_01HZ2N7G3K8M0Q5R7T9V2X4Y6Z |
disabled | boolean | e.g. False |
domain_allowlist | array<string> | e.g. ['https://acme.com', 'https://www.acme.com', 'https://app.acme.com'] |
name | string | e.g. acme.com production (renamed) |
| Code | Description | Body |
|---|
204 | Updated | — |
400 | Invalid body | string |
401 | Missing or invalid bearer token | string |
500 | Database error | string |
curl https://api.kataven.ai/v1/widget-keys/agent_01HZ2N... \
-X PATCH \
-H "Authorization: Bearer $KATAVEN_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"agent_id": "agent_01HZ2N7G3K8M0Q5R7T9V2X4Y6Z",
"disabled": false,
"domain_allowlist": [
"https://acme.com",
"https://www.acme.com",
"https://app.acme.com"
],
"name": "acme.com production (renamed)"
}'
| Name | In | Type | Required | Description |
|---|
id | path | string | Yes | Widget key id (uuid) |
| Code | Description | Body |
|---|
204 | Deleted | — |
401 | Missing or invalid bearer token | string |
500 | Database error | string |
curl https://api.kataven.ai/v1/widget-keys/agent_01HZ2N... \
-X DELETE \
-H "Authorization: Bearer $KATAVEN_API_KEY"
