Overview

Public keys are specifically designed for authenticating the Retell Chat Widget when embedded on your website. Unlike API keys, which should never be exposed in client-side code, public keys are safe to include in frontend applications for this specific purpose. Public keys are used exclusively for:

Allowed Domains

For security reasons, public keys are restricted to specific domains. This prevents unauthorized use of your public key on other websites. To configure allowed domains:
  1. Navigate to the Public Keys section in your Retell dashboard
  2. Click on the public key you want to configure
  3. Add the domains where your public key can be used (e.g., example.com, app.example.com)
  4. Save your changes
Testing on localhost: To test your integration locally, add localhost to your allowed domains list. This enables development and testing on your local machine before deploying to production.

Google reCAPTCHA v3 Protection (Optional)

You can optionally enable Google reCAPTCHA v3 protection for your public key to prevent abuse when using the Retell Chat Widget. When enabled, the chat widget will require reCAPTCHA verification before initiating conversations. To enable reCAPTCHA:
  1. Navigate to the Public Keys section in your Retell dashboard
  2. Click on the public key you want to configure
  3. Toggle on Abuse Prevention (Google reCAPTCHA)
  4. Add your reCAPTCHA Secret Key (obtain from Google’s reCAPTCHA page)
  5. Adjust the Score Threshold (default: 0.5)
    • Lower scores are more likely to be bots
    • Higher thresholds may block more real users
  6. Save your changes
When reCAPTCHA is enabled for a public key, you must also implement reCAPTCHA on your frontend. See Google’s reCAPTCHA documentation for implementation details.
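
To make the Score Threshold trade-off concrete, here is an added example (not Retell's code or API) of how a backend could evaluate a Google reCAPTCHA v3 siteverify response against a threshold and a domain allow-list. The response fields (success, score, action, hostname) are Google's documented ones; the function names, the "chat_start" action, and the sample hostnames are assumptions made for illustration.

```javascript
// Added example: decision logic over a reCAPTCHA v3 siteverify response.
// Runs offline on constructed sample responses; no network calls are made.

const DEFAULT_THRESHOLD = 0.5; // dashboard default stated on this page

// Hypothetical helper: returns { allow, reason } for one verification response.
function evaluateVerification(resp, { threshold = DEFAULT_THRESHOLD, allowedDomains, expectedAction }) {
  // A failed or missing verification is never allowed, whatever the score.
  if (!resp || resp.success !== true) {
    return { allow: false, reason: "verification_failed" };
  }
  // Exact, case-insensitive host comparison. Substring or prefix matching
  // would accept hosts that merely contain an allowed name.
  const host = String(resp.hostname || "").toLowerCase();
  if (!allowedDomains.map((d) => d.toLowerCase()).includes(host)) {
    return { allow: false, reason: "hostname_not_allowed" };
  }
  // The token must have been issued for the action we expect.
  if (expectedAction && resp.action !== expectedAction) {
    return { allow: false, reason: "action_mismatch" };
  }
  // Scores run from 0.0 (likely bot) to 1.0 (likely human).
  if (typeof resp.score !== "number" || resp.score < threshold) {
    return { allow: false, reason: "score_below_threshold" };
  }
  return { allow: true, reason: "ok" };
}

// Constructed sample responses (not real traffic).
const samples = [
  { success: true, score: 0.9, action: "chat_start", hostname: "app.example.com" },
  { success: true, score: 0.3, action: "chat_start", hostname: "app.example.com" },
  { success: true, score: 0.9, action: "chat_start", hostname: "app.example.com.other.test" },
  { success: false, "error-codes": ["invalid-input-response"] },
];

// Evaluate every sample under one threshold and return the reasons in order.
function runSamples(threshold) {
  const policy = {
    threshold,
    allowedDomains: ["example.com", "app.example.com"],
    expectedAction: "chat_start",
  };
  return samples.map((s) => evaluateVerification(s, policy).reason);
}

console.log("threshold 0.5:", runSamples(0.5));
console.log("threshold 0.2:", runSamples(0.2));
```

Lowering the threshold from 0.5 to 0.2 admits the 0.3-score request but does not change the hostname or failed-verification outcomes, which are decided before the score is considered.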

Security Considerations

While public keys are specifically designed for use with the Retell Chat Widget in client-side code, you should still follow these best practices:
  • Only add domains you control to the allowed domains list
  • Regularly review your allowed domains to ensure they’re up to date
  • Use the most restrictive domain settings possible for your use case
  • For server-to-server communication, use API keys instead

Managing Public Keys

You can create, view, and manage your public keys from the Retell dashboard:
  1. Navigate to the Public Keys section
  2. Create a new public key or select an existing one to configure
  3. Set up allowed domains as needed
  4. Copy the public key to use with the Retell Chat Widget on your website