FEATURES
Widget sessions
Anonymous and authenticated chat sessions for embedded widget.
Overview
Anonymous and authenticated chat sessions for embedded widget.
Who should use this
Customer sites embedding chat via script, React, or SDK (public_widget key only in the browser).
Core concepts
Org portal → Chatbot → Widget setup: allowed domains, public_widget key, bot id, install snippets. StartupCore marketing site dogfoods the same widget path using internal seeded keys (not a customer plan).
Setup
Customer guide: /chatbot/prerequisites → /chatbot/quickstart → pick /chatbot/widget-script, /chatbot/react, /chatbot/sdk, or /chatbot/rest-api. Internal startupcore.com dogfooding uses platform env vars only — not a customer path.
Required entitlement
chatbot
Required permissions
widget.session.create (server API key for authenticated bootstrap).
REST API
POST /widget/sessions/anonymous, POST /widget/sessions/authenticated, POST /widget/chatbots/{botId}/message.
SDK (@startupcore/api-client)
startupCore.widget.createAnonymousSession({ publicKey, botId, visitorId }).
Widget
Script tag — no data-tenant-id required.
Security notes
Only pk_live_* in HTML. Server keys in Authorization for auth handoff.
Troubleshooting
401 Invalid widget public key — rotate key or check botId binding.