SIMCOAI Docs
SIMCOAI API

Use secure API keys for account-connected tools

Every plan includes SIMCOAI API access. API keys are created in the dashboard and are designed for website live chat, support intake, knowledge search, event logging and server-side integrations.

Never place a secret key beginning with sk_simco_ in public browser JavaScript. Put it in your server environment variables.
Scopes

Choose the smallest access that works

readRequired for identity and /v1/me.API tester, health checks
chatAllows AI chat responses.Website live chat
conversationsWrites conversation records.Customer chat logs
knowledgeSearches approved knowledge.Support widgets
eventsLogs website/app events.Analytics and intake
orders:readReads order records.Order lookup
orders:writeCreates or updates order records.Trusted backend only
Examples

Server-side request examples

Identity

curl https://api.simcoai.co.uk/v1/me \
  -H "Authorization: Bearer sk_simco_live_REPLACE_ME"

Website chat

curl https://api.simcoai.co.uk/v1/chat \
  -H "Authorization: Bearer sk_simco_live_REPLACE_ME" \
  -H "Content-Type: application/json" \
  -d '{"channel":"website","message":"Do you have appointments today?"}'

Environment format

SIMCOAI_API_BASE=https://api.simcoai.co.uk
SIMCOAI_API_KEY=sk_simco_live_REPLACE_ME
Security

Production API rules

  1. Use separate keysCreate one key per integration so rotation is low-risk.
  2. Restrict origins when usefulAllowed origins help document where a key is expected to be used.
  3. Rotate on exposureRotating invalidates the previous secret immediately.
  4. Monitor usageWatch API usage against plan limits and investigate unusual spikes.