Public Access

Public access allows visitors to search your content without authentication. When enabled, the widget and search page can make requests directly from the browser.

Enabling Public Access

In your site settings, toggle Public Access to enable it. You can control:

• Search - Allow public search queries
• Chat - Allow AI chat (requires Pro plan or higher)

Allowed Domains

For security, you must specify which domains can access your search API. Requests from unlisted domains will be rejected.

How Origin Validation Works

When a request comes in, we check:

1. The Origin header (for CORS requests)
2. The Referer header (as fallback)

If neither matches your allowed domains, the request is rejected with a 403 error.

Anonymous Sessions

For AI chat, you can enable Anonymous Sessions. This allows conversation continuity without requiring users to log in:

• A session ID is generated automatically
• Conversation history is preserved for the session duration
• Sessions expire after the configured TTL (default: 30 minutes)

Session TTL

Configure how long sessions last (5-1440 minutes). Longer sessions provide better continuity but use more storage.

Testing Public Access

Use the Preview feature in your dashboard to test public search:

1. Go to your site in the dashboard
2. Click Preview in the Embed tab
3. Test search queries and chat

The preview runs against the real public API, so you can verify that origin validation and rate limits are working correctly.

Troubleshooting

403 Forbidden Errors

If you see "Origin not allowed":

• Check that your domain is in the allowed list
• Include the protocol (requests come from https://)
• For local development, add localhost or 127.0.0.1

Chat Not Working

• Ensure Chat Enabled is turned on
• Chat requires Pro plan or higher
• Check your chat rate limits aren't exceeded