Publishable Keys
Call APIs directly from Claude, ChatGPT, Gemini & Grok.
Browser-safe publishable keys built for AI artifacts and frontend apps. Scope-limited. Origin-locked. Budget-capped. No backend, no CORS hell, no SDK.
Apps in 30 seconds — straight from any AI canvas.
You build a PDF-to-text app in Claude Artifacts, ChatGPT Canvas, Gemini or Grok. Until today, your AI-generated app could never actually call an API: CORS blocks you, your secret key would be visible, rate-limits destroy your account. Publishable Keys fix all of this at once.
Paste this into Claude, ChatGPT, Gemini or Grok
AI Canvas: One prompt that turns any AI canvas into a real, API-powered SaaS demo — no backend required.
Read this API doc:
https://api.paperoffice.ai/latest/docs/llms-full.txt
Build a single-file React app (Claude Artifact / ChatGPT Canvas / Gemini / Grok):
User uploads a PDF, the app calls
/job/add/paperoffice_aiocr___generate directly from the browser
and shows the extracted text.
Auth: Bearer po_pk_MY_PUBLISHABLE_KEY (prompt user for the key).
Use priority=900 for sync results. Origin header is set by the browser.
One preset click, one key, one paste.
Our dashboard ships with ready-to-use presets. Pick "aidemo" — Claude, ChatGPT, Gemini and Grok are whitelisted, a safe scope bundle is pre-selected, budget is capped at 2,000 credits. Paste the key into your AI prompt. Ship.
The 5-point enterprise security model.
Scoped. Origin-locked. Rate-limited. Budget-capped. Instantly revocable. Every control is enforced server-side — the key is safe to paste into any AI canvas source code.
Scope-limited
Keys can only hit the endpoint groups you explicitly whitelist: ocr:read, llm:generate, translate:run and more. Out-of-scope calls return HTTP 403.
Origin-locked
Default allow-list: claude.ai, chatgpt.com, gemini.google.com, grok.com. Add your own origins any time. Requests without a matching Origin header return HTTP 403.
Rate-limited
Redis-backed sliding window per token. Preset defaults: 30-120 req/min. Exceeding the limit returns HTTP 429. Protects your credit pool from scrapers and loops.
Budget-capped
Lifetime credit cap per key. Once hit: HTTP 402 BUDGET_EXHAUSTED. No surprise bills — even if a key goes viral on Reddit.
Instant revoke
Hit Revoke in the dashboard. Redis cache is invalidated on the spot. A compromised key is dead in milliseconds — no propagation delay.
Hardcoded blocks
DELETE methods, admin, billing, webhooks and token-management are hardcoded-blocked for every po_pk_ — regardless of scope. Cannot be unlocked.
Three key types — clear responsibilities.
Dual keys (server/browser) — plus a user token for per-user rate-limited access.
| Prefix | Type | Use case | Browser-safe | Default scope |
|---|---|---|---|---|
| po_sk_ | Secret Key | Server-to-server, full API | No | All endpoints |
| po_ut_ | User Token | User-scoped, tier-limited | No | Tier-based |
| po_pk_ (new) | Publishable Key | Browser / AI Canvas (Claude, ChatGPT, Gemini, Grok) | Yes | Scope list |
One click. One key. One purpose.
Each preset is tuned for a concrete use case — safe defaults, curated scopes, realistic budgets. You can fine-tune everything in the dashboard later.
DEFAULT: safe default read-only rights for simple demos (OCR, LLM, Translate, Docs-Read).
Scopes: ocr:read, llm:generate, translate:run, docs:read

AIDEMO: for Claude Artifacts, ChatGPT Canvas, Gemini and Grok demos. Everything you need to ship AI demos live.
Scopes: ocr:read, llm:generate, translate:run, image:generate, tts:run, stt:run, vision:analyze, search:run

WIDGET: for contact forms, chat widgets and booking buttons on your own company site.
Scopes: chat:run, booking:create, form:submit, contact:create

Everything you need to know.
How is po_pk_ different from po_sk_?
po_sk_ (Secret Key) is for server-to-server integration — full access to the entire API, never put it in the browser. po_pk_ (Publishable Key) is built for browser code: scope-limited, origin-locked, budget-capped. Same pricing, different safety profile.
Why not just use a reverse proxy from my own backend?
That is the legacy approach, and it means you still need a backend. The promise of AI artifacts (Claude, ChatGPT, Gemini, Grok) is zero-backend deployment. Publishable Keys make that possible without exposing your account — the security guarantees are enforced server-side on our end.
Does this really work in Claude Artifacts despite their CORS sandbox?
Yes. As of August 2024, Anthropic supports direct browser-side API calls. PaperOffice whitelists claude.ai automatically in every po_pk_ created via the AIDEMO preset. ChatGPT Canvas, Gemini Canvas and Grok Workspaces work the same way.
What happens if my po_pk_ becomes public on Reddit or GitHub?
The damage stays contained: origin-lock blocks use on foreign domains, the budget cap stops spend, rate limits slow scrapers. Click Revoke in the dashboard — the Redis cache is invalidated instantly and the key is dead in milliseconds.
Can I add my own company.com as an allowed origin?
Yes. When creating the key, add any origin to the allow-list. The WIDGET preset is built exactly for this — register your own domain and embed chat, booking or contact widgets with zero backend.
How do I set the credit budget per key?
When creating the key you pick a lifetime credit limit. Defaults: 1,000 for DEFAULT, 2,000 for AIDEMO, 5,000 for WIDGET. Once hit, the API returns HTTP 402 BUDGET_EXHAUSTED. You can adjust anytime in the dashboard.
Is po_pk_ billed differently from po_sk_?
No. Every API call pulls the same credits from your main account — whether via po_sk_, po_ut_ or po_pk_. The po_pk_ budget cap is an extra safety net on top, not a separate pricing tier.
Which endpoints are off-limits for po_pk_?
All DELETE methods and every admin, billing, webhook and token-management endpoint is hardcoded-blocked — regardless of scope. You cannot delete data, read billing info or create new tokens with a po_pk_. This is enforced at the router level, not via scopes.
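To make the server-side model above (hardcoded blocks, origin lock, scopes, rate limit, budget cap, revoke) concrete, here is an added illustration of how a gateway can apply those controls in one fixed order. It is not PaperOffice's code; the endpoint-to-scope map, the blocked path prefixes, the sample key and the in-memory counters are constructed stand-ins, and only BUDGET_EXHAUSTED is an error code taken from the page.

```javascript
// Added example, not PaperOffice's code: a minimal gateway check that applies the
// po_pk_ controls in a fixed order. The first failing check decides the response.

const HARD_BLOCKED = ["/admin", "/billing", "/webhooks", "/tokens"]; // hypothetical paths

// Hypothetical endpoint -> required scope map; the page names only the scopes.
const ENDPOINT_SCOPE = {
  "/job/add/paperoffice_aiocr___generate": "ocr:read",
  "/job/add/llm_generate": "llm:generate",
};

// Constructed key record shaped like the AIDEMO preset described on the page.
// Browsers send Origin as scheme + host, so the allow-list is stored that way.
const AIDEMO_KEY = {
  id: "po_pk_EXAMPLE_PLACEHOLDER",
  revoked: false,
  allowedOrigins: ["https://claude.ai", "https://chatgpt.com",
                   "https://gemini.google.com", "https://grok.com"],
  scopes: ["ocr:read", "llm:generate", "translate:run"],
  rateLimitPerMin: 30,
  budgetCredits: 2000,
};

// Per-key counters: an in-memory stand-in for the Redis state the page mentions.
function newState() { return { hits: [], creditsUsed: 0 }; }

// Returns the HTTP status the gateway would answer with; state changes only on success.
function checkPublishableKey(key, req, state) {
  // Revoke is checked first so a revoked key is refused before any other work.
  if (key.revoked) return { status: 403, code: "KEY_REVOKED" };
  // Hardcoded blocks win over any scope the key carries.
  if (req.method === "DELETE" || HARD_BLOCKED.some(p => req.path.startsWith(p))) {
    return { status: 403, code: "HARD_BLOCKED" };
  }
  // Origin lock: a missing or foreign Origin header is rejected outright.
  if (!req.origin || !key.allowedOrigins.includes(req.origin)) {
    return { status: 403, code: "ORIGIN_NOT_ALLOWED" };
  }
  // Scope: unknown endpoints are denied, not allowed by default.
  const needed = ENDPOINT_SCOPE[req.path];
  if (!needed || !key.scopes.includes(needed)) return { status: 403, code: "SCOPE_DENIED" };
  // Sliding 60 s window: drop stale timestamps, then compare against the limit.
  state.hits = state.hits.filter(t => req.now - t < 60_000);
  if (state.hits.length >= key.rateLimitPerMin) return { status: 429, code: "RATE_LIMITED" };
  // Lifetime budget: refuse before spending, so the cap is never overshot.
  if (state.creditsUsed + req.cost > key.budgetCredits) return { status: 402, code: "BUDGET_EXHAUSTED" };
  state.hits.push(req.now);
  state.creditsUsed += req.cost;
  return { status: 200, code: "OK" };
}
```

Ordering matters: the checks that cost nothing (revocation, hardcoded blocks, origin, scope) run before the counters are touched, so a rejected request never consumes rate-limit slots or credits.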
Ready to ship an AI-artifact app?
Create a key, grab llms-full.txt, paste the prompt. You will have a working SaaS running inside Claude, ChatGPT, Gemini or Grok before your next coffee.