Support/API Keys
API Keys
Manage your FlowSearch API keys and understand key types.
Key Types
FlowSearch uses two types of API keys:
Search Key
fs_pk_...Public key for frontend use. Only allows search operations.
- ✓ Safe to expose in browser
- ✓ Can be used in client-side code
- ✗ Cannot manage website settings
Admin Key
fs_sk_...Secret key for backend use. Full API access.
- ✗ Never expose publicly
- ✓ Use only in server-side code
- ✓ Can manage all settings
Security Warning
Never expose your Admin Key (fs_sk_...) in frontend code, public repositories, or client-side JavaScript. It grants full access to your account.
Getting Your API Keys
- Log in to your FlowSearch dashboard
- Select your website
- Click the "Integration" tab
- Your Search Key is displayed and ready to copy
- Admin Keys can be viewed/created in the security section
Using Your Search Key
The Search Key is used in your frontend code:
<script>
const flowSearch = new FlowSearch({
apiUrl: 'https://api.flowsearch.io',
apiKey: 'fs_pk_xxxxxxxxxxxxxxxxxxxx' // Search Key
});
flowSearch.init();
</script>Origin Restrictions
Protect your Search Key by restricting which domains can use it:
- Go to your website settings
- Find the "Allowed Origins" section
- Add your domain(s):
# Example allowed origins
https://yoursite.com
https://www.yoursite.com
https://yoursite.webflow.ioRequests from other domains will be rejected, even with a valid API key.
Rate Limiting
API keys have rate limits based on your plan:
| Plan | Search Key | Admin Key |
|---|---|---|
| Free | 60 req/min | 10 req/min |
| Pro | 300 req/min | 60 req/min |
| Business | 600 req/min | 100 req/min |
| Enterprise | Custom | Custom |
Regenerating Keys
If you suspect a key has been compromised:
- Go to your website's Integration tab
- Click "Regenerate Key"
- Update your code with the new key
- The old key is immediately invalidated
Downtime Warning
Regenerating a key immediately invalidates the old one. Make sure to update your code before regenerating to avoid search downtime.
Best Practices
For Search Keys
- Always set origin restrictions for production
- Use different keys for staging and production
- Monitor usage in your dashboard
For Admin Keys
- Never commit to version control
- Use environment variables
- Rotate regularly (every 90 days recommended)
- Use the principle of least privilege
# Store in environment variables
# .env (never commit this file!)
FLOWSEARCH_ADMIN_KEY=fs_sk_xxxxxxxxxxxxxxxxxxxx
# Access in your code
const adminKey = process.env.FLOWSEARCH_ADMIN_KEY;Key Permissions
| Action | Search Key | Admin Key |
|---|---|---|
| Search content | ✓ | ✓ |
| AI search | ✓ | ✓ |
| View analytics | ✗ | ✓ |
| Trigger crawls | ✗ | ✓ |
| Manage settings | ✗ | ✓ |
| Upload documents | ✗ | ✓ |