Overview

Public keys are specifically designed for authenticating the Retell Chat Widget when embedded on your website. Unlike API keys, which should never be exposed in client-side code, public keys are safe to include in frontend applications for this specific purpose.

Public keys are used exclusively for:

Allowed Domains

For security reasons, public keys are restricted to specific domains. This prevents unauthorized use of your public key on other websites.

To configure allowed domains:

  1. Navigate to the Public Keys section in your Retell dashboard
  2. Click on the public key you want to configure
  3. Add the domains where your public key can be used (e.g., example.com, app.example.com)
  4. Save your changes

Testing on localhost

To test your integration locally, add localhost to your allowed domains list. This enables development and testing on your local machine before deploying to production.

Public key domain configuration

Security Considerations

While public keys are specifically designed for use with the Retell Chat Widget in client-side code, you should still follow these best practices:

  • Only add domains you control to the allowed domains list
  • Regularly review your allowed domains to ensure they’re up-to-date
  • Use the most restrictive domain settings possible for your use case
  • For server-to-server communication, use API keys instead

Managing Public Keys

You can create, view, and manage your public keys from the Retell dashboard:

  1. Navigate to the Public Keys section
  2. Create a new public key or select an existing one to configure
  3. Set up allowed domains as needed
  4. Copy the public key to use with the Retell Chat Widget on your website