API Keys

API keys authenticate your applications with Intufind. There are two types: secret keys for server-side use and publishable keys for client-side widgets.

Navigate to API Keys in the dashboard.

Key Types

Secret Keys

Secret keys can:

• Sync content to Intufind
• Access all API endpoints
• Manage workspace settings
• Read analytics data

Publishable Keys

Publishable keys can only:

• Perform searches
• Send chat messages
• Track analytics

Managing Secret Keys

Creating a Key

1. Go to API Keys
2. Click Create Key in the Secret Keys section
3. Copy the key immediately — it's shown only once

Viewing Keys

The dashboard shows:

• Key prefix (last 4 characters hidden)
• Creation date
• Delete action

Full keys are never shown after creation.

Deleting Keys

1. Click Delete next to the key
2. Confirm the deletion
3. Any applications using this key will stop working

Key Rotation

To rotate keys:

1. Create a new key
2. Update your applications
3. Verify everything works
4. Delete the old key

Publishable Key

Your publishable key is displayed in full since it's safe for public use.

Copying the Key

Click the copy icon to copy to clipboard.

Using the Key

Add to your widget embed code:

<script 
  src="https://cdn.intufind.com/chat-loader.js" 
  data-publishable-key="if_pk_your_key_here"
></script>

Quick Start Examples

Server-Side (Node.js)

// Install: npm install @intufind/sdk

const Intufind = require('@intufind/sdk');

const client = new Intufind({
  secretKey: process.env.INTUFIND_SECRET_KEY,
});

// Sync a product
await client.products.upsert({
  externalId: 'product-123',
  name: 'Running Shoes',
  description: 'Lightweight running shoes...',
  price: 99.99,
});

Server-Side (PHP)

// Install: composer require intufind/sdk

use Intufind\Client;

$client = new Client([
    'secretKey' => getenv('INTUFIND_SECRET_KEY'),
]);

// Sync a product
$client->products->upsert([
    'externalId' => 'product-123',
    'name' => 'Running Shoes',
    'description' => 'Lightweight running shoes...',
    'price' => 99.99,
]);

Client-Side (Widget)

<script 
  src="https://cdn.intufind.com/chat-loader.js" 
  data-publishable-key="if_pk_xxx"
></script>

Externally Managed Keys

If your workspace was created via Shopify:

• Keys are managed automatically
• You can view but not create/delete keys
• Key rotation is handled by the integration

A notice will appear explaining this.

Environment Variables

Store keys in environment variables:

# .env
INTUFIND_SECRET_KEY=if_sk_xxx
INTUFIND_PUBLISHABLE_KEY=if_pk_xxx

Access in your application:

// Node.js
const secretKey = process.env.INTUFIND_SECRET_KEY;

// PHP
$secretKey = getenv('INTUFIND_SECRET_KEY');

Security Best Practices

Do

• ✅ Store secret keys in environment variables
• ✅ Use server-side code for secret key operations
• ✅ Rotate keys periodically
• ✅ Use separate keys for development/production
• ✅ Monitor for unauthorized usage

Don't

• ❌ Commit keys to version control
• ❌ Expose secret keys in client-side code
• ❌ Share keys via email or chat
• ❌ Use the same key across all environments
• ❌ Leave unused keys active

Troubleshooting

"Invalid API key" error

1. Verify the key is correct (copy/paste again)
2. Check you're using the right key type
3. Ensure the key hasn't been deleted
4. Verify environment variables are loaded

"Unauthorized" error

1. Check key permissions (secret vs publishable)
2. Verify the workspace exists
3. Ensure your subscription is active

Key not working after rotation

1. Check all applications are updated
2. Clear any caches
3. Verify environment variables reloaded
4. Check for hardcoded old keys

Next Steps

• Subscription & Billing — Manage your plan
• Widget Integration — Use publishable key in widgets
• WordPress Setup — Use secret key in plugin