Authorization

API Keys & Tokens

Stellar Intelligence X provides enterprise-grade flexibility for integrating the chat widget. Secure your workspace via Audience Governance tokens or internal orchestration keys.

Cryptographic Key Identities

Publishable Node

Frontend ID

pk_test_********************

Safe for public exposure. Used strictly to route widget queries to your workspace silo.

Secret Key

Backend Signer

sk_test_********************

Critical security node. Never expose to client-side code. Use exclusively for server-side JWT signing.

Management Protocol

  • Regenerate SequenceInstantly rotate the cryptographic pair. Warning: This will break existing connections immediately.
  • Revoke Secret AccessPermanently disable the secret key node. Recommended if a compromise is suspected in your backend layer.

Security Access Architectures

Stellar Intelligence X supports two primary models for secure data access. Choosing the right one depends on your integration environment and isolation requirements.

High Trust Mode

Bimodal Bypass

Use this pattern for trusted internal environments (e.g., employee dashboards) where the Secret Key can be safely stored on the server. This bypasses Audience filtering and grants full transparency to the AI over the allowed schema.

Internal Override Example
<script 
  src="https://cdn.stellix.ai/v1/widget.js" 
  data-workspace-id="YOUR_PUBLISHABLE_KEY"
  data-allow="true"
  data-api-key="sk_YOUR_SECRET_KEY"
></script>

NEVER use Bimodal Bypass on public-facing internet pages. Your Secret Key is equivalent to database root access for the AI.

Zero-Trust Mode

Audience Context Isolation

This is the gold standard for multi-tenant SaaS. By signing user audience attributes into a JWT, you enforce Nested Logical Security at the cryptographic layer. The AI becomes genuinely unaware of restricted data.

1. Sign Token (Backend)
const token = jwt.sign({
  audience: "enterprise_b"
}, SECRET_KEY);
2. Inject Token (Frontend)
<script 
  src="..." 
  data-workspace-id="..."
  data-token="SIGNED_JWT_HERE"
></script>

Mandatory Cryptographic Trust: For production security, Stellar Intelligence X strictly requires Audience target-bindings to be delivered via a signed JWT. Raw string mappings are blocked.

Looking for Governance Context?

Governance Rulesets & Audience Trees