1b:["$","article",null,{"children":[["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"TechArticle\",\"headline\":\"Security — the no-login model\",\"description\":\"Protected by domain whitelist, rate limits, and per-doc tokens.\",\"inLanguage\":\"en\",\"url\":\"https://penswork.com/docs/faq/security\",\"isPartOf\":{\"@type\":\"WebSite\",\"name\":\"Pen's Work\"}}"}}],["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"BreadcrumbList\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Guide home\",\"item\":\"https://penswork.com/docs\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"FAQ\",\"item\":\"https://penswork.com/docs/faq\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Security — the no-login model\",\"item\":\"https://penswork.com/docs/faq/security\"}]}"}}],["$","nav",null,{"className":"flex flex-wrap items-center gap-1.5 text-xs text-muted-foreground","children":[["$","span","/docs",{"className":"flex items-center gap-1.5","children":[false,["$","$L18",null,{"href":"/docs","className":"hover:text-foreground","children":"Guide home"}]]}],["$","span","/docs/faq",{"className":"flex items-center gap-1.5","children":[["$","span",null,{"children":"/"}],["$","$L18",null,{"href":"/docs/faq","className":"hover:text-foreground","children":"FAQ"}]]}]]}],["$","h1",null,{"className":"mt-3 text-3xl font-bold tracking-tight","children":"Security — the no-login model"}],["$","div",null,{"className":"devdocs-prose mt-6","dangerouslySetInnerHTML":{"__html":"

End-users (your clients) use the widget without logging in. The client key is visible in the code (it's public), but it's protected by:

Domain whitelist: the widget can only be embedded on domains you registered (CSP frame-ancestors). Copying the key to another site won't work.
Rate limiting: blocks excessive request creation and lookups.
Per-document tokens: each client's work is gated by a token scoped to that one document.

"}}]]}]