API Keys
Secret Key — server-side only; never ship it to clients
| Name | Environment | Key | Created | Last used | |
|---|---|---|---|---|---|
| 生产环境后端 | 生产 | pchy_sk_••••••••4f2a | 2026-06-12 | 2 分钟前 | |
| 测试环境 | 测试 | pchy_sk_test_••••9c1e | 2026-06-20 | 昨天 |
Demo data — sign in to create and manage real keys.
How end users connect — zero config and zero keys on their side
1 The Secret Key stays on your server It never leaves your backend; rotate or revoke it here at any time.
2 Exchange it for a Session per end user Call the sessions endpoint with your own user ID; first-seen users are provisioned automatically — no setup required.
3 Clients connect with the Session Token Short-lived and scoped to that user's agent instance; usage rolls up to this project's billing.
POST /v1/sessions
Authorization: Bearer pchy_sk_…
{ "agent": "<agentId>", "external_user_id": "user_4211" }
→ { "session_token": "pchy_…", "expires_in": 3600 }
Demo mode — sign in to see your real keys.