Secure your token

Secure your token

Store PATs safely and limit blast radius.

A Personal Access Token is a bearer credential. If another person or service gets it, they can use it until it expires or is revoked.

Store it safely#

Use a secrets manager or deployment environment variable.
Do not paste tokens into source code.
Do not commit tokens to Git.
Do not send tokens in chat, screenshots, or support tickets.

Reduce risk#

Choose the narrowest scopes.
Use shorter expiry for experiments.
Create separate tokens per app or environment.
Revoke tokens that are unused or no longer needed.

If a token leaks#

Revoke immediately
Open Settings → API Tokens and revoke the exposed token.
Rotate downstream config
Remove the old value from any deployment, secret store, or local environment.
Create a replacement
Use only the scopes the client truly needs.

Team tokens#

When you create a token inside a Team workspace, the token is bound to that team context. Keep team tokens separate from personal automation.

On this page

Store it safely
Reduce risk
If a token leaks
Team tokens

Documentation

Getting Started

Introduction
Quickstart
Tour of the app
Key concepts

Account & Sign-in

Sign up
Sign in
Forgot password
Change password
Email verification

Workspaces

Personal vs Team
Switching workspace
Read-only state
Accept a team invitation

Building a Chatbot

Chatting with a Bot

Start a conversation
Conversation history
Model selector
Max Mode in chat
Thinking process
Copy & citations
Daily credit limits
Chat troubleshooting

Embed on Your Website

What is the embed widget
Enable the widget
Widget token
Allowed origins
Disable or delete
Widget troubleshooting

Teams

Team overview
Invite members
Manage invitations
Member seats
Remove a member
Team subscription

Plans & Billing

Plan tiers
Credits explained
Quota & limits
Feature gates
Upgrade flow
Workspace billing context

Usage Analytics

Reading the usage page
Source filter
Credits breakdown
Team usage views
Bot relations

API Access

API overview
Create a token
Secure your token
Revoke a token
Scope reference
Workspace binding

Settings

Profile
Password & security
Language & theme

Troubleshooting

Bot is not ready
Training failed
Daily credit limit reached
Bot limit reached
Document storage limit reached
Cannot train this bot
Widget is not loading
Team workspace is read-only
FAQ

Reference

Glossary
Keyboard shortcuts
File formats & limits
Status badge reference
Error messages