> ## Documentation Index
> Fetch the complete documentation index at: https://docs.knotie-ai.pro/llms.txt
> Use this file to discover all available pages before exploring further.

# API access overview

> Understand when to use AI Gateway, customer API keys, MCP tokens, and embed URLs.

## Start here first

If you are looking for the current OpenAI-compatible API key flow, use the top-level [AI Gateway](/partner-portal/ai-gateway) page.

That is where partners now:

* Create AI API keys
* Control which models can be used
* Manage budgets and top-ups
* Regenerate or revoke keys
* Set up customer self-service AI Gateway access

## Which option to use

### AI Gateway

Use [AI Gateway](/partner-portal/ai-gateway) when you need:

* OpenAI-compatible API keys
* Limits on which models can be used
* Usage-based AI billing
* Customer-billed AI Gateway keys
* Customer self-service key creation from the whitelabel portal

### Customer portal API Keys

Use the customer-side **API Keys** menu when a customer needs standard programmatic access that depends on:

* **API Access** being enabled
* **API Keys** menu visibility being enabled

This is separate from **AI Gateway**.

### MCP Tokens

Use **MCP Tokens** when you are working with MCP-specific integrations and agent tooling.

### Embed URLs

Use [Embed URLs](/partner-portal/customers/embed-urls) for:

* Customer-scoped widgets
* Embedded portal experiences
* iframe or embedded access flows

Do **not** use a partner AI Gateway key for embedded customer portal access.

## Whitelabel branding on API keys pages

Both the partner-side **Settings → API Keys** page and the customer portal **API Keys** section automatically follow your partner brand settings. No extra configuration is needed.

What this means in practice:

* **Primary color** — the action buttons (Generate, Copy, Delete) use your brand's primary color from [Whitelabel settings](/partner-portal/settings/whitelabel-settings).
* **Dark theme** — the page matches the partner portal's dark look.
* **Branded key reveal** — when a new API key is generated and shown once, that pop-up uses your primary color.
* **Branded empty state** — when a customer has no API keys yet, the message references your business name.

<img src="https://mintcdn.com/kno2getherlabsltd/kNjcBRHaIWbDnZJ2/images/screenshots/customer-api-keys-branded-2026-07-03.png?fit=max&auto=format&n=kNjcBRHaIWbDnZJ2&q=85&s=82c4f478481a13610fb42d1d92ffc3f4" alt="Customer portal API Keys page showing partner-branded buttons and the dark-themed layout" width="1536" height="730" data-path="images/screenshots/customer-api-keys-branded-2026-07-03.png" />

## Security reminders

Treat any key or token like a password:

* Never expose it in client-side code unless that flow is specifically designed for browser use
* Store it in a secrets manager or password vault
* Rotate it after team changes or suspected exposure

## Common confusion to avoid

* **AI Gateway** is for usage-based AI access.
* **API Keys** visibility in the client portal depends on **API Access**.
* **AI Gateway** visibility in the client portal depends on **AI Credits** plus the partner self-service setting.
* **Embed URLs** are for embedded customer experiences, not server-side partner automation.

## Related pages

* [AI Gateway](/partner-portal/ai-gateway)
* [Features, add-ons, and menu visibility](/partner-portal/customers/features-addons-and-menu-visibility)
* [Embed URLs](/partner-portal/customers/embed-urls)
* [MCP tokens](/partner-portal/ai-agents/mcp/tokens)
* [Whitelabel settings](/partner-portal/settings/whitelabel-settings)
