WidgetKeysResource is reachable on every Kataven Node client as client.widgetKeys. Each method maps to one HTTP endpoint on the Hub API; links to the underlying spec entry are inline below. pk_live_ keys are the public identifiers you put in your website’s HTML widget bootstrap. They’re not credentials — domain allowlists keep them safe.

Methods at a glance

| Method | HTTP | Summary |
| --- | --- | --- |
| list | GET /api/v1/widget-keys | List widget keys |
| create | POST /api/v1/widget-keys | Create a widget key (returns plaintext pk_live_ ONCE) |
| update | PATCH /api/v1/widget-keys/{id} | Update or revoke a widget key |
| delete | DELETE /api/v1/widget-keys/{id} | Delete or soft-disable a widget key |

Reference

client.widgetKeys.list(...)

List widget keys · HTTP GET /api/v1/widget-keys · API reference →
list()
Returns metadata for every pk_live_ widget key in this account. The plaintext key value is never returned by this endpoint — only the last 8 characters and the row id. To recover a lost key, create a new one.

client.widgetKeys.create(...)

Create a widget key (returns plaintext pk_live_ ONCE) · HTTP POST /api/v1/widget-keys · API reference →
create(input: { name: string; domain_allowlist?: string[]; agent_id?: string | null })
Mints a new pk_live_ public identifier scoped to the caller’s account. The plaintext value is returned in the response body and never again — paste it into the customer’s HTML <script data-client-key="..."> attribute.

client.widgetKeys.update(...)

Update or revoke a widget key · HTTP PATCH /api/v1/widget-keys/{id} · API reference →
update(id: string, patch: { name?: string; domain_allowlist?: string[]; agent_id?: string | null; disabled?: boolean })
Renames the key, replaces the domain allowlist, repins the agent, or revokes (disabled=true sets disabled_at=now() — idempotent).

client.widgetKeys.delete(...)

Delete or soft-disable a widget key · HTTP DELETE /api/v1/widget-keys/{id} · API reference →
delete(id: string)
Hard-deletes the row if the key was never used; otherwise sets disabled_at=now() to preserve the audit trail.
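
An added example, not taken from the Kataven documentation or SDK, that uses the methods above for two hygiene tasks: flagging active keys that have no domain allowlist, and rotating a key so the old one is revoked only after the new plaintext has been deployed. The response shapes, the `deploy` callback and the `makeStubClient` stand-in are assumptions made for illustration.

```javascript
// Added example. Assumed shapes (not stated on the page): list() resolves to an
// array of rows { id, name, domain_allowlist, agent_id, disabled_at }; create()
// resolves to { id, key }, where `key` is the one-time plaintext pk_live_ value.

// Active keys with no domain allowlist, the control the page relies on.
async function auditWidgetKeys(client) {
  const rows = await client.widgetKeys.list();
  return rows
    .filter((r) => !r.disabled_at && !(r.domain_allowlist || []).length)
    .map((r) => ({ id: r.id, name: r.name, finding: "no domain allowlist" }));
}

// Rotate a key: mint a replacement with the same scope, hand the plaintext to
// `deploy` (hypothetical callback that updates the site's data-client-key),
// and revoke the old key only after the deploy succeeded.
async function rotateWidgetKey(client, oldId, deploy) {
  const old = (await client.widgetKeys.list()).find((r) => r.id === oldId);
  if (!old) throw new Error(`no widget key with id ${oldId}`);
  const fresh = await client.widgetKeys.create({
    name: `${old.name} (rotated)`,
    domain_allowlist: old.domain_allowlist,
    agent_id: old.agent_id ?? null,
  });
  await deploy(fresh.key); // the only time the plaintext is available
  await client.widgetKeys.update(oldId, { disabled: true }); // idempotent revoke
  return fresh.id;
}

// Constructed in-memory stand-in for the client so the example runs offline.
function makeStubClient(rows) {
  let n = rows.length;
  return { widgetKeys: {
    list: async () => rows.map(({ key, ...meta }) => meta), // no plaintext
    create: async (input) => {
      n += 1;
      const row = { id: `row-${n}`, key: `pk_live_constructed${n}`, disabled_at: null, ...input };
      rows.push(row);
      return { id: row.id, key: row.key };
    },
    update: async (id, patch) => {
      const row = rows.find((r) => r.id === id);
      if (patch.disabled && !row.disabled_at) row.disabled_at = new Date().toISOString();
      return row;
    },
  } };
}
```

If `deploy` throws, the old key stays active and the unused replacement can be removed with `delete`.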