Agents

Embed & share

Expose an agent to the public without exposing your account credentials. A share token is a separate, narrowly-scoped key you can put in client-side code.

Mint a share token for an agent. The token (kr_share_…) is shown once. It only works for this one agent, only from the origins you allow, and only within its daily caps.

curl -X POST https://api.kraterion.com/v1/agents/<agent_id>/share-tokens \
  -H "Authorization: Bearer kr_live_..." \
  -H "Content-Type: application/json" \
  -d '{
    "name": "marketing-site",
    "allowed_origins": ["https://example.com"],
    "max_requests_per_day": 1000,
    "max_spend_usd_per_day": 5,
    "cite_sources": true
  }'

Origin allowlist

Every request is checked against allowed_origins using the browser's Origin header. List the exact origins (https://host) where the widget is allowed to run; calls from anywhere else are refused. This is what keeps a leaked embed token from being usable on a different site.

Daily caps

Two limits bound exposure: max_requests_per_day (default 1000) and max_spend_usd_per_day (default 5). When either is reached, the agent stops answering through that token until the next day. Adjust a token with PATCH /v1/share-tokens/:id or kill it with POST /v1/share-tokens/:id/revoke.

Script tag

Drop the token into a single script tag on your page to render the chat widget.

<script
  src="https://app.kraterion.com/embed.js"
  data-token="kr_share_..."
  async
></script>

Citing sources

With cite_sources on (the default), embedded answers show where they came from, using the same citation data described in the Chat API. Turn it off for a plain conversational widget.

Embed & share

Share tokens

Origin allowlist

Daily caps

Script tag

Citing sources