SiteKey vs API Key
Cludo supports two main credential types for API access: SiteKey and API Key. Use the one that matches how you are calling the API.
SiteKey
Use SiteKey for client-side and public-facing integrations. This includes search widgets, autocomplete, AI Chat, and AI Summary on your website or in a front-end app. Preferred for: search, autocomplete, AI Chat, AI Summary, content recommendations, 404 module, feedback, related searches.
Format
A SiteKey must be sent in the request header:
Authorization: SiteKey <token>
Where <token> is a Base64-encoded string in the following format:
base64(customerId:engineId:SearchKey)
Important: The SearchKey is a fixed, literal string — not a placeholder and not a value you replace.
Important limitations:
- A SiteKey is tied to one specific engine.
- You cannot use a SiteKey from one engine to authenticate requests to another engine.
- If you are working with multiple engines, you must generate and use a separate SiteKey for each one.
API Key (Basic auth)
Use API Key for server-to-server calls and back-end integrations. This is the right choice when your server or a third-party system calls the Cludo API without exposing credentials in the browser.
- Preferred for: management APIs, content push/delete, server-side search, analytics, tools, and any call that does not run in the user’s browser.
- Format:
base64(customerId:apiKey)sent asAuthorization: Basic <token>. - Where to get it: MyCludo → customer/account settings (API key).
Quick reference
| Use case | Use |
|---|---|
| Search or AI functionality on your website (browser) | SiteKey |
| Back-end or server integration | API Key (Basic) |
| Managing content, engines, or analytics from a script | API Key (Basic) |
For more detail on authentication and region, see Region and API base URL (EU vs US) and Cludo API documentation.