Security
Project security settings protect browser traffic and credentials.
Open Project > Settings > Security.
Cloudflare Turnstile
Turnstile adds bot protection before widget chat and feedback requests.
To enable it:
- Create a Turnstile widget in Cloudflare.
- Add the same hostnames you allow in Knoku.
- Paste the site key and secret key in Knoku.
- Save.
The widget reads the site key from project config. You do not need to add a Turnstile attribute to the embed script.
Full setup: Protect the widget with Turnstile.
What Turnstile protects
Turnstile applies to browser widget chat and feedback traffic.
It does not protect Public API requests. Public API requests use bearer keys and should be sent from a trusted backend.
Public API keys
Manage Public API keys under Project > API Keys.
Public API keys authorize /v1/* endpoints such as chat, conversations, messages, health, and OpenAPI docs. Keys can be scoped to Public or Internal corpus access when created.
See Public API for auth headers, corpus scope, and rotation behavior.