Create API Key
API Keys are used to securely authenticate your business integrations and API requests in Ainisa.
Each key consists of two parts:
- Public Key – used for identification
- Private Key – used for secure authentication
⚠️ Keep your Private Key secret — anyone with it can access your business data through the API.
🔑 How to Create an API Key
Go to Business → API Keys
🔗 https://ainisa.com/business/api-keysClick the “Create API Key” button.
Fill in the fields:
- Title: Name of your key (e.g.,
Website Widget) - Allowed Domains: Limit usage to specific domains
Example:https://example.com - Allowed IP addresses: Limit usage to specific IPs
Example:111.111.111.111
- Title: Name of your key (e.g.,
Click Save — your new key will appear in the list.
🧩 Domain and IP Validation
Ainisa automatically validates every incoming request based on the Allowed Domains and Allowed IP addresses you configure for each key.
🌐 Allowed Domains
When a request is made from your frontend (e.g., Ainisa web widget), Ainisa checks the Origin or Referer header.
If the request comes from a domain that’s not in your allowed list, it will be denied.
Example configuration:
Allowed Domains:
✅ Request from https://example.com → Allowed
❌ Request from https://malicious-site.com → Denied
🖥️ Allowed IP Addresses
For API requests (server-to-server integrations, backend calls, etc.), Ainisa checks the IP address of the requester.
If the IP isn’t included in your allowed list, the request will be denied.
Example configuration:
Allowed IP addresses:
- 111.111.111.111
- 222.222.222.222
✅ Request from 111.111.111.111 → Allowed
❌ Request from 35.98.45.100 → Denied
This ensures that only trusted servers or hosting environments can interact with your Ainisa account.
🗝️ Managing Your Keys
Once created, your keys will appear in the API Keys dashboard
Each entry in API Keys dashboard shows:
- Public Key – shareable identifier
- Private Key – confidential authentication key
- Copy icons for quick access
- Menu (
⋯) for editing or deleting the key
🔐 Security Tip:
Never use your Private Key in frontend JavaScript or public repositories.
Store it safely in backend environment variables.
✅ Summary
| Action | Description |
|---|---|
| Create API Key | Generate a new secure key with allowed domains and IPs |
| Domain Validation | Ainisa checks the request's origin domain — unlisted domains are denied |
| IP Validation | For backend calls, Ainisa verifies the requester's IP address |
| Manage Keys | View, edit, or delete your keys anytime from the dashboard |
🔒 Best Practices
- Rotate your API keys regularly
- Use public keys for frontend, both public and private keys for backend integrations
- Restrict each key to only required domains or IPs
- Delete unused keys to reduce security risks