Authentication and Headers

Widget-Side Endpoints

Widget endpoints authenticate using:

  • X-Widget-Publishable-Key: required
  • X-Visitor-Id: required for chat and leads

When the domain allowlist is enabled, the request's Origin or Referer header must match an allowed domain.

Common Response Headers

  • X-Conversation-Id: conversation session identifier
  • X-Assistant-Message-Id: stored assistant message id
  • X-Visitor-Id: canonical visitor id
  • x-rag-context: URL-encoded JSON source summaries

Rate Limit Headers

On 429, responses include:

  • Retry-After
  • X-RateLimit-Scope
  • X-RateLimit-Limit
  • X-RateLimit-Remaining
  • X-RateLimit-Reset
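
Client-side handling of the request, response and rate-limit headers listed above, as an added example that is not code from the Dukon docs or SDK. The function names, the size cap, the retry ceiling and the one-second fallback are assumptions; `Retry-After` is read as either delta-seconds or an HTTP-date, the two forms HTTP allows, and the `X-RateLimit-*` values are kept as raw strings because this page does not define their formats.

```javascript
// Added example. All function names and the constants below are hypothetical.
const MAX_RAG_CONTEXT_CHARS = 16384; // assumed cap, not a documented limit
const MAX_RETRY_MS = 60000;          // assumed ceiling so a bad header cannot stall the widget

// Request headers for widget endpoints. X-Visitor-Id is required for chat and leads.
function buildWidgetHeaders(publishableKey, visitorId) {
  if (!publishableKey) throw new Error("X-Widget-Publishable-Key is required");
  const headers = { "X-Widget-Publishable-Key": publishableKey };
  if (visitorId) headers["X-Visitor-Id"] = visitorId;
  return headers;
}

// Decode x-rag-context (URL-encoded JSON). The value is server-supplied text that
// ends up near the DOM, so absent, oversized or malformed input yields null.
function parseRagContext(headers) {
  const raw = headers.get("x-rag-context");
  if (!raw || raw.length > MAX_RAG_CONTEXT_CHARS) return null;
  try {
    return JSON.parse(decodeURIComponent(raw));
  } catch {
    return null; // URIError (bad percent-encoding) or SyntaxError (bad JSON)
  }
}

// Milliseconds to wait after a 429, clamped to [0, MAX_RETRY_MS].
function retryDelayMs(headers, nowMs = Date.now()) {
  const value = (headers.get("Retry-After") || "").trim();
  let ms;
  if (/^\d+$/.test(value)) {
    ms = Number(value) * 1000;                     // delta-seconds form
  } else {
    const when = Date.parse(value);                // HTTP-date form
    ms = Number.isNaN(when) ? 1000 : when - nowMs; // 1 s fallback is an assumption
  }
  return Math.min(Math.max(ms, 0), MAX_RETRY_MS);
}

// Collect the documented rate-limit headers as raw strings for logging.
function rateLimitInfo(headers) {
  const names = ["Scope", "Limit", "Remaining", "Reset"];
  return Object.fromEntries(names.map((n) => [n.toLowerCase(), headers.get(`X-RateLimit-${n}`)]));
}

// Constructed sample 429 response headers (not captured from a real service).
const sample = { "retry-after": "7", "x-ratelimit-scope": "visitor", "x-ratelimit-remaining": "0" };
const sampleHeaders = { get: (name) => sample[name.toLowerCase()] ?? null };
console.log(retryDelayMs(sampleHeaders), rateLimitInfo(sampleHeaders));
```

Each helper accepts any object with a case-insensitive `get(name)`, so a `fetch` response's `headers` can be passed directly. Render decoded source summaries as text, not HTML.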