Skip to main content

Private Knowledge Box

Access rights on a private box

When a Knowledge Box is private, only authorized access is allowed.

note

Nuclia does not support granular access control to a Knowledge Box. All content in a Knowledge Box is visible to all authorized users.

API calls on a private box

All endpoints will require an X-NUCLIA-SERVICEACCOUNT header.

Depending on the endpoint, it might require different roles:

  • a Member API key for any read operation (get a resource, search, etc.),
  • a Contributor API key for any write operation (create a resource, set a label, etc.),
  • or an Owner API key for any admin operation (change the settings, add a user, etc.).

These roles are cumulative: a Contributor can do what a Member can do, and an Owner can do what a Contributor can do.

Using the widget on a private box

Direct access

note

Do not publish a private Knowledge Box widget on a public website. The HTML snippet contains an API key allowing read access on the full Knowledge Box content.

To use the widget on a private Knowledge Box, you will need to provide extra attributes in the HTML snippet:

  • apikey: In the Nuclia Dashboard, go to the left navigation bar and click on API Keys and add a Member API key.
  • state: Set it to PRIVATE.
  • account: The account slug (the part of the URL after https://nuclia.cloud/at/).
  • kbslug: The Knowledge Box slug (the part of the URL after https://nuclia.cloud/at/<account-slug>/).

Example:

<script src="https://cdn.nuclia.cloud/nuclia-video-widget.umd.js"></script>
<nuclia-search-bar
  knowledgebox="0b445287-c465-412d-9630-8ae30c1668fc"
  account="eric"
  kbslug="mykb"
  state="PRIVATE"
  apikey="<API-KEY>"
  zone="europe-1"
  features="permalink"
></nuclia-search-bar>
<nuclia-search-results></nuclia-search-results>

Behind a proxy

If you want to keep your Knowledge Box private but still use the widget on a public website, you can use a proxy.

The proxy will inject the API key in the request header before forwarding the request to Nuclia, so the call will not be rejected, but still your API key is not exposed in your frontend code.

Here is a typical Nginx proxy configuration:

server {
  listen 0.0.0.0:8000;

  location /api {
    proxy_set_header X-NUCLIA-SERVICEACCOUNT 'Bearer <YOUR_API_KEY>';
    proxy_pass https://europe-1.nuclia.cloud;
    proxy_ssl_session_reuse off;
    proxy_cache_bypass $http_upgrade;
    proxy_redirect off;
    proxy_buffering off;
  }
}

The widget can use it by declaring your proxy as the backend, and setting the proxy attribute to true. The HTML snippet will then look like:

<nuclia-search-bar
  knowledgebox="<YOUR_KNOWLEDGEBOX_ID>"
  backend="http://0.0.0.0:8000/api"
  proxy="true"
></nuclia-search-bar>

Similarly, you can use the proxy from your own frontend code:

import { Nuclia } from '@nuclia/core';

const nuclia = new Nuclia({
  knowledgebox: '<YOUR_KNOWLEDGEBOX_ID>,
  backend: 'http://0.0.0.0:8000/api',
  proxy: true,
});

See a full demo here.