Security

The Security tab covers four areas: workflow settings, webhook log retention, IP allowlisting, anonymization rules, and project API secrets. Availability of some features depends on your package tier.

Workflow Settings

(Pro & Enterprise)

Workflow enforces the four-eyes principle for content changes in the CMS. When enabled, every article change made by a content editor requires approval from at least one other team member before it can be published.

Users with the additional Workflow Administrator role can publish without requiring approval. This role is assigned via the Users menu.

See How Do I Enable/Disable Workflow?

Webhook Settings

(Pro & Enterprise)

Webhook Logs Data Retention Period — A slider (1–7 days) controlling how long webhook error logs are retained. The default is 7 days. Reducing the retention period does not retroactively clear existing logs for previous days.

Delete Context Variable Webhook logs — Permanently deletes all stored context variable webhook logs for this project. Deletion is queued and completes within 24 hours. This cannot be undone.

See How Do I Adjust the Webhook Log Settings?

Allowed IPs

(Enterprise only)

Restricts engine access to a defined list of IP addresses for your staging or production environment. When configured, only allowlisted IPs can reach the engine — any unlisted IP will be blocked.

⚠️ Use with care. If an incorrect IP is added or the correct one is missing, the chatbot will be unavailable to end users. This feature is most useful during testing, before going live.

See How Do I Add Allowed IPs for My Project?

Anonymization Rules

Anonymization rules define regex patterns that are automatically stripped or replaced in conversation data before it is stored or used in analytics. A set of global default rules is provided (covering IBAN, credit card numbers, email addresses, dates, and currency values). These can be extended with project-specific rules.

To add a rule, click Add Rule and fill in the name, description, regex pattern, replacement string, regex options, and sort order. Rules with a lower sort order number are applied first.

Use Restore Global Rule to reset to the account-level default ruleset.

See Managing Anonymization Rules (Masking) for AI Cloud Analytics

API Secret

Generates credentials for programmatic access to this project's Analytics API. Click Create secret to generate a new key pair. The credentials are shown once — copy and store them securely immediately, as they cannot be retrieved again.

If you need to rotate credentials, click Rotate on an existing secret. The old credentials are invalidated immediately upon rotation.

See Create or Rotate Analytic API Keys