Step 1 — The Problem

Your Business Website Today

A great website, but visitors leave without engaging. No way to answer questions instantly, capture leads, or offer support 24/7.

https://www.testcorp-realty.com

TestCorp. Realty

Home Listings About Contact

Find Your Dream Home

Trusted by thousands of homebuyers. Browse our curated listings.

AI-Powered Search

Tell us what you're looking for and get instant recommendations.

Virtual Tours

Explore properties from the comfort of your home.

Expert Agents

Our team is ready to guide you every step of the way.

Step 2 — Sign Up

Register on Reapdat in 2 Minutes

Create your account, tell us about your business, and our AI builds your custom agent automatically.

1

Create Account

Sign up with your email at reapdat.com. Verify your email and log in.

you@testcorp-realty.com

2

Tell Us About Your Business

Enter your business name, industry, website URL, and preferred tone. The AI uses this to configure your agent.

TestCorp Realty — Real Estate — testcorp-realty.com

3

Customize Your Agent

Choose your agent's voice, welcome message, widget color, and language. Preview it live before launching.

Welcome! I'm the TestCorp AI assistant. How can I help you today?

4

Launch!

Click "Launch" and your AI agent is live. You're taken to the Integration page with everything you need.

Step 3 — Integration Page

Get Your Embed Code & API Keys

After onboarding, your Integration page gives you everything: the embed snippet, API keys (shown once), and security settings.

Website Embed Code

                            
                            <!-- Paste before </body> -->

                            <script

                              src="https://api.reapdat.com/static/widget.js"

                              data-tenant="a95dcc38-2f96-4199-8651-5bb787827bab"

                              data-color="#FF3621"

                            ></script>

Your API Keys (shown once — save them now!)

Regular API Key ua_kX9qLm7Tz2Wp... Public Embed

Admin API Key ua_admin_Rp4sNv... Secret — Server Only

Step 4 — Embed It

Paste the Code Into Your Website

One line of code. Paste it before </body> in your HTML. Click the button below to see it happen live.

testcorp-realty.com

TestCorp.

Home Listings About

Find Your Dream Home

Browse listings or chat with our AI assistant.

Modern Condo

$425,000 • Downtown

Family Home

$589,000 • Oak Park

Beachfront

$310,000 • Oceanside

Luxury Villa

$1.2M • Hillside

Step 5 — Security

How Everything Stays Secure

Your data, your conversations, and your customers are protected at every layer.

🔑

Layer 1: Tenant ID (Public Identifier)

The data-tenant in the embed code is a public ID — like Intercom's app_id or Stripe's publishable key. It only identifies which business to show. It cannot read data, change settings, or access anything sensitive.

data-tenant="a95dcc38-2f96-..." → Shows TestCorp Realty's widget
Cannot: read conversations, change settings, access leads

↓

🔒

Layer 2: API Keys (Secret — SHA-256 Hashed)

Admin operations require secret API keys that are never stored in plaintext. Only a SHA-256 hash is kept in the database. Keys are shown once at creation and can be regenerated anytime.

You see: ua_admin_Rp4sNvK2x8...
Database stores: hash("...") → 7f2a9c4e1b3d...
Even if DB is breached, keys cannot be recovered

Regular key (ua_) — for widget and chat
Admin key (ua_admin_) — for settings and data access
Keys can be revoked or regenerated instantly

↓

🌐

Layer 3: Domain Restriction

You specify which domains can load your widget. If someone copies your embed code to an unauthorized site, the widget refuses to load.

Allowed: testcorp-realty.com, www.testcorp-realty.com

testcorp-realty.com → Widget loads normally
evil-site.com → Widget hidden, console: "Domain not authorized"

↓

💬

Layer 4: Conversation Security

Every chat and voice call is tenant-isolated. TestCorp's conversations are never visible to other tenants. All data flows over HTTPS/TLS encryption.

Each tenant's data is completely isolated in the database
All API calls authenticated per-tenant
HTTPS/TLS encryption for all data in transit
Voice calls use encrypted WebRTC (SRTP)
Session-based — no conversation data stored in browser

↓

🛡

Layer 5: Admin Portal Security

The management portal uses JWT authentication with HTTP-only cookies. Admin API keys are separate from widget keys, so even if a widget key leaks, your admin panel stays safe.

JWT tokens with expiration
Separate admin vs regular API keys
API key permissions: can_chat, can_call, can_admin
One-time key display — never shown again after creation