API Keys

API keys authenticate your requests to the AI Commerce API. Keep them secure and never expose them in client-side code.

Security

Never expose your API keys in client-side code. Use environment variables and server-side requests for production applications.

Key Types

AI Commerce uses two types of API keys for different security contexts.

Type	Prefix	Use Case	Permissions
🌐 Public	pk_live_	Browser/Widget	Read-only (chat, products)
📱 Mobile	mk_live_	iOS/Android native apps	Read-only, requires App Identifier
🔒 Private	sk_live_	Server-side	Full access

Info

Safe to expose in browser code. Only allows read operations. Full API access. Never expose in client-side code.

Creating API Keys

Create API keys with specific permissions for different use cases.

create-api-key.ts

typescript

import { AICommerce } from '@yassirbenmoussa/aicommerce-sdk';

const client = new AICommerce({
  apiKey: 'YOUR_MASTER_KEY',
});

// Create a new API key with specific permissions
const apiKey = await client.apiKeys.create({
  name: 'Production Key',
  permissions: ['read:products', 'write:chat', 'read:analytics'],
  expiresAt: '2025-12-31T23:59:59Z'
});

// Store this securely - it won't be shown again!
console.log('New API Key:', apiKey.key);

Environment Variables

Store your API keys securely using environment variables.

.env.local

bash

# .env.local
AI_COMMERCE_API_KEY=sk_live_xxx...
AI_COMMERCE_STORE_ID=store_xxx...

# Never commit these to version control!

Verify Key Endpoint

Check if an API key is valid and retrieve its permissions.

check-api-key.ts

typescript

// Check if the API key is valid
const status = await client.checkApiKey();

if (status.valid) {
  console.log('Valid key for store:', status.storeName);
  console.log('Permissions:', status.permissions);
} else {
  console.log('Invalid key:', status.error);
}

Available Permissions

Permission	Description
read:products	View product catalog
write:products	Add, update, delete products
read:chat	View chat sessions and history
write:chat	Create sessions, send messages
read:analytics	View usage statistics
admin	Full access to all resources

Tip

Use the principle of least privilege - only grant the permissions each API key actually needs.

Product Sync API

Chat API

Key Types

AI Commerce uses two types of API keys for different security contexts.

Type	Prefix	Use Case	Permissions
🌐 Public	pk_live_	Browser/Widget	Read-only (chat, products)
📱 Mobile	mk_live_	iOS/Android native apps	Read-only, requires App Identifier
🔒 Private	sk_live_	Server-side	Full access

Info

Safe to expose in browser code. Only allows read operations. Full API access. Never expose in client-side code.

Creating API Keys

Create API keys with specific permissions for different use cases.

create-api-key.ts

typescript

import { AICommerce } from '@yassirbenmoussa/aicommerce-sdk';

const client = new AICommerce({
  apiKey: 'YOUR_MASTER_KEY',
});

// Create a new API key with specific permissions
const apiKey = await client.apiKeys.create({
  name: 'Production Key',
  permissions: ['read:products', 'write:chat', 'read:analytics'],
  expiresAt: '2025-12-31T23:59:59Z'
});

// Store this securely - it won't be shown again!
console.log('New API Key:', apiKey.key);

Verify Key Endpoint

Check if an API key is valid and retrieve its permissions.

check-api-key.ts

typescript

// Check if the API key is valid
const status = await client.checkApiKey();

if (status.valid) {
  console.log('Valid key for store:', status.storeName);
  console.log('Permissions:', status.permissions);
} else {
  console.log('Invalid key:', status.error);
}

Available Permissions

Permission	Description
read:products	View product catalog
write:products	Add, update, delete products
read:chat	View chat sessions and history
write:chat	Create sessions, send messages
read:analytics	View usage statistics
admin	Full access to all resources

Tip

Use the principle of least privilege - only grant the permissions each API key actually needs.