FEATURES

Widget sessions

Anonymous and authenticated chat sessions for embedded widget.

Overview

Anonymous and authenticated chat sessions for embedded widget.

Who should use this

Customer sites embedding chat via script, React, or SDK (public_widget key only in the browser).

Core concepts

Org portal → Chatbot → Widget setup: allowed domains, public_widget key, bot id, install snippets. StartupCore marketing site dogfoods the same widget path using internal seeded keys (not a customer plan).

Setup

Customer guide: /chatbot/prerequisites → /chatbot/quickstart → pick /chatbot/widget-script, /chatbot/react, /chatbot/sdk, or /chatbot/rest-api. Internal startupcore.com dogfooding uses platform env vars only — not a customer path.

Required entitlement

chatbot

Required permissions

widget.session.create (server API key for authenticated bootstrap).

REST API

POST /widget/sessions/anonymous, POST /widget/sessions/authenticated, POST /widget/chatbots/{botId}/message.

SDK (@startupcore/api-client)

startupCore.widget.createAnonymousSession({ publicKey, botId, visitorId }).

Widget

Script tag — no data-tenant-id required.

Security notes

Only pk_live_* in HTML. Server keys in Authorization for auth handoff.

Troubleshooting

401 Invalid widget public key — rotate key or check botId binding.