Fetchply Docs
Settings

Security Settings

Understand Fetchply's current API key and platform security model, plus what in-app security controls are still coming soon.

Current Status

The dedicated Security page inside an agent is currently coming soon. Today, security-related tasks are split across account-level API key management, platform protections, and webhook verification.

Use Dashboard → Account → API Keys for API authentication today. Agent- level security controls are present in the navigation but not fully shipped yet.

API Key Management

API keys authenticate programmatic access to the Fetchply API. Manage keys at Dashboard → Account → API Keys.

  • Click Generate API Key to create a new key with the fp_ prefix
  • Copy the raw key immediately because it is shown once
  • Revoke old keys from the same page to disable them immediately
Use an API key
curl -X GET https://fetchply.com/api/v1/agents \
  -H "Authorization: Bearer fp_your_api_key"

Security Best Practices

  • Never expose keys in client-side code — API keys should only be used in server-side applications
  • Rotate keys periodically — generate new keys and retire old ones
  • Use one key per integration — if you revoke one, others keep working
  • Monitor usage — check when each key was last used from the API Keys page

Rate Limiting

The Fetchply API enforces rate limits to protect against abuse:

  • 60 requests per 60 seconds per API key
  • Exceeding the limit returns 429 Too Many Requests
  • Response includes a Retry-After header with the number of seconds to wait

Rate limits are applied per API key. Using multiple keys doesn't increase your total limit — it distributes it.

Data Security

  • All API communication uses HTTPS/TLS
  • API keys are hashed (SHA-256) before storage — we never store plaintext keys
  • Widget communication uses iframe isolation — the widget cannot access your page's DOM or cookies
  • Webhook payloads are signed with HMAC-SHA256 for verification
  • All user data is scoped per account — agents can only access their own data

Coming Soon

The in-app agent security screen is reserved for future controls. Until that ships, treat this page as reference documentation rather than a walkthrough for live agent-level settings.

General Settings

Configure your agent's name, system prompt, model, welcome message, and behavior options.

Webhooks

Subscribe to events and receive real-time notifications when things happen in Fetchply.

On this page

Current StatusAPI Key ManagementSecurity Best PracticesRate LimitingData SecurityComing Soon