All integrations are read-only

Integrations

Airis pulls knowledge from your existing tools — it never writes back. Every integration is a one-way read pipeline: credentials are AES-256 encrypted at rest and have no write scopes.

Plan availability

Integration	Starter ($0)	Individual ($25)	Managed ($29)	Pro ($49)	Enterprise ($199)
Jira	—	—	—
Slack	—	—	—
GitHub	—	—	—
Confluence	—	—	—
LLM Providers (BYOK)			—
Airis Managed LLM	—	—		—	—
Airis Assistant
Platform API Keys	—	—	—
Embed Widget (chatbot)	—	—
Self-Hosted Connector	—	—	—	—
BYODB (own Postgres)	—	—	—	—

Compare plans →Don't want to manage API keys? The Managed plan ($29/mo) uses Airis's own hosted LLM — no BYOK required. See Managed plan →

Jira

Pro · Enterprise

read-onlyResolved issues · Comments · Sprint summaries

Airis indexes resolved Jira issues — the problem description, resolution comments, and assignee. This makes previously solved tickets searchable by anyone on your team, even if they weren't involved.

What Airis does NOT do: Create tickets, comment on issues, change status, assign users, or modify any Jira data.

Setup

Generate a Jira API token at id.atlassian.com/manage-profile/security/api-tokens

In Airis Admin → System Settings → Jira, enter your Host (yourcompany.atlassian.net), email, and API token.

In Admin → Workspaces, create a workspace of type JIRA and enter the project key (e.g. INFRA).

Toggle Jira Ingestion Enabled in System Settings. Cron runs at 06:00 and 18:00 daily. Use on-demand sync anytime.

Required permissions

The API token account needs Browse Projects on monitored projects only. No write permissions are requested or needed.

Deep Search (LangGraph agent)

When Deep Search is active (Pro/Enterprise), the agent can query Jira directly:

TEXT

User: "What's the status of AUTH-123?"
Agent: search_jira({ issueKey: "AUTH-123" })
       → { status: "In Progress", assignee: "Sarah", comments: [...] }

Slack

Pro · Enterprise

read-only✅-reacted threads · Channel history

Airis monitors channels where the bot is a member. Only threads with a ✅ reaction are indexed — this is intentional. It means only validated, resolved discussions enter the knowledge base, not every random message.

What Airis does NOT do: Post messages, react to messages, read DMs, access private channels without invitation, or modify any Slack data.

Setup

Create a Slack App at api.slack.com/apps

Add Bot Token Scopes: channels:history, channels:read, reactions:read, users:read

Install the app and copy the Bot Token (xoxb-...)

In Airis Admin → System Settings → Slack, paste the Bot Token.

Invite the bot to every channel you want monitored: /invite @airis

The ✅ reaction workflow: add :white_check_mark: to any thread to mark it for ingestion. This keeps the knowledge base signal-dense — only solutions your team validated get stored.

Deep Search (LangGraph agent)

TEXT

User: "Has the team discussed the Redis memory issue?"
Agent: search_slack({ query: "redis memory" })
       → matching thread summaries with channel + timestamp

GitHub

Pro · Enterprise

read-onlyMerged PRs · READMEs · Issues

Airis indexes merged pull requests, PR descriptions and review comments, READMEs, CODEOWNERS, and open issues. This makes your codebase context searchable — ideal for onboarding and debugging.

What Airis does NOT do: Create PRs, push commits, create issues, comment on PRs, star repos, or modify any GitHub data.

Setup

Create a GitHub Personal Access Token at github.com/settings/tokens with scopes: repo:status, public_repo (or repo for private repos).

In Airis Admin → System Settings → GitHub, paste the token.

In Admin → Workspaces, create a workspace of type GITHUB with identifier owner/repo-name.

ZIP / Code Repository upload (all plans)

On any plan, you can upload a .zip of your repo via Admin → Documents. Airis walks the file tree, skips node_modules/dist/.git, and indexes .ts, .js, .py, .go, .md, and more — preserving the relative file path as source metadata.

Deep Search (LangGraph agent)

TEXT

User: "What was the last PR merged for the auth service?"
Agent: search_github({ repo: "myorg/auth-service", type: "pr", limit: 1 })
       → { prNumber: 42, title: "Fix auth flow (AUTH-123)", mergedAt: "..." }

Confluence

Pro · Enterprise

read-onlyPages · Spaces · Page trees

Airis indexes Confluence pages — HR policies, runbooks, architecture documents, onboarding guides. All spaces the token account can view are indexed automatically.

What Airis does NOT do: Create pages, edit pages, change permissions, or leave comments.

Setup

Generate an Atlassian API token (same token works for both Jira and Confluence): id.atlassian.com/manage-profile/security/api-tokens

In Airis Admin → System Settings → Confluence, enter your Host, email, and API token.

The token account only needs View permission on spaces. Airis will not index spaces the account cannot read.

LLM Providers (BYOK)

All plans

Every organisation brings their own LLM API key. Credentials are AES-256 encrypted in OrgSetting and never returned via the API after saving. Switch providers from the admin panel — no restart required.

Provider	Models	Notes
Anthropic	claude-opus-4-5 · claude-sonnet-4-6 · claude-haiku-4-5	Best for HR, legal, compliance. 200K context.
OpenAI	gpt-4o · gpt-4o-mini · gpt-4-turbo	Widest ecosystem compatibility.
Google Gemini	gemini-2.0-flash · gemini-1.5-pro · gemini-1.5-flash	1M token context.
xAI Grok	grok-3-mini · grok-beta	Fast inference.
Ollama	llama3 · mistral · phi3 · mixtral	Fully local. Zero API cost. No external traffic.
Azure OpenAI	gpt-4o (via deployment name)	For organisations on enterprise Azure accounts.

Embedding models

Airis uses a separate embedding model to convert text into vectors for semantic search. The embedding provider must be configured alongside your LLM provider.

Provider	Embedding model	Dimensions	Notes
OpenAI	text-embedding-3-large	1536	Default. Best retrieval quality.
Google Gemini	text-embedding-004	768	Matryoshka; lower storage cost.
Ollama	nomic-embed-text · mxbai-embed-large	768 / 1024	Fully local. Zero API cost.
Azure OpenAI	text-embedding-3-large	1536	Via deployment name.

Anthropic and xAI do not provide embedding models — pair them with OpenAI or Google Gemini for embeddings. The vector dimension must stay consistent after initial setup; changing providers requires a full re-ingestion.

Platform API Keys

Pro · Enterprise

Generate API keys to call Airis programmatically from CI/CD pipelines, internal tools, or scripts. The full key is shown once at creation — Airis stores only the SHA-256 hash.

Scopes

chat

Ask questions, get AI answers

ingest

Push documents programmatically

read

Read sessions, messages, workspaces

admin

Manage users, teams, settings

embed

Server-to-server chatbot session creation (never used in browser)

Example

BASH

curl -X POST https://api.airis.com/api/v1/chat \
  -H "X-API-Key: airs_live_xxxxxxxxxx" \
  -H "Content-Type: application/json" \
  -d '{"message": "What is the Redis config?", "workspaceIds": ["ws_infra"]}'

Rate limits (RPM and RPD) and monthly token caps are configurable per key. Limits are enforced via Redis sliding-window counters.

Embed Widget

Pro · Enterprise

Add an AI-powered chat bubble to any website you own. Visitors get instant answers from your organisation's knowledge base — scoped to the team you choose. Your internal data stays private; your Airis API key never reaches the browser.

How it works

TEXT

Visitor browser
  1. loads widget.js  →  GET /embed/widget.js  (served by Airis API)
  2. widget fetches branding  →  GET /embed/config/:chatbotId  (public)
  3. visitor sends message  →  widget calls YOUR backend session endpoint

Your backend  (Express / FastAPI / Spring Boot…)
  4. POST /api/v1/embed/session  (X-API-Key with embed scope)
     ← Airis returns { sessionToken, expiresAt }
  5. your backend returns sessionToken to the browser

Widget (no API key in browser)
  6. POST /embed/chat/stream  Bearer: sessionToken
     ← SSE stream back to visitor

The session token is a signed JWT that expires in 15 minutes and is refreshed automatically by the widget. Your Airis API key is only ever used server-to-server — it is never exposed to visitors.

Step 1 — Create a chatbot

Go to Settings → Chatbots → New Chatbot.

Choose the Team whose knowledge the chatbot should answer from.

Set a bot name, welcome message, fallback message, and your brand colour.

Under API Key, select (or create) an API key with the embed scope.

Save — you'll see your Chatbot ID (e.g. cfg_xxxxxxxxxx) and the embed snippet.

Step 2 — Add the widget to your site

Paste this snippet into your HTML before </body>:

HTML

<script
  src="https://api.airis.com/embed/widget.js"
  data-chatbot-id="cfg_xxxxxxxxxx"
  data-session-url="https://yoursite.com/api/airis-session"
  defer
></script>

data-session-url — the URL of your own backend endpoint that exchanges your API key for a short-lived session token.

Step 3 — Add the session endpoint to your backend

One endpoint on your server exchanges your API key for a short-lived session token and returns it to the widget. Select your stack:

// Express.js — src/routes/airis-session.js
import express from 'express';

const router = express.Router();

router.post('/api/airis-session', async (req, res) => {
  const response = await fetch('https://api.airis.com/api/v1/embed/session', {
    method: 'POST',
    headers: {
      'Content-Type': 'application/json',
      'X-API-Key': process.env.AIRIS_API_KEY,   // embed-scoped key
    },
    body: JSON.stringify({
      chatbotId: process.env.AIRIS_CHATBOT_ID,  // cfg_xxxxxxxxxx
    }),
  });

  if (!response.ok) {
    return res.status(502).json({ error: 'Failed to create session' });
  }

  const { sessionToken, expiresAt } = await response.json();
  res.json({ sessionToken, expiresAt });
});

export default router;

Never put your API key in the browser. The widget only receives the short-lived session token — it cannot be used to call any other Airis endpoint.

Required API key scope

The API key used in your backend must have the embed scope. Create one at Settings → API Keys → New Key → Scope: embed. Keys with embed scope cannot be used for chat, ingestion, or admin operations — they are narrowly scoped for session creation only.

Self-Hosted Connector

Enterprise

For air-gapped environments where credentials must never leave your network. The connector Docker image runs inside your infrastructure, pulls data from your tools, and pushes only processed text chunks to the Airis API — credentials never egress.

BASH

docker run -d \
  -e AIRIS_API_KEY=airs_live_xxxxx \
  -e AIRIS_ENDPOINT=https://yourorg.airis.com \
  -e SOURCES=slack,jira,github,filesystem \
  -e SLACK_TOKEN=xoxb-... \
  -e JIRA_URL=https://mycompany.atlassian.net \
  -e JIRA_EMAIL=bot@mycompany.com \
  -e JIRA_API_TOKEN=... \
  -e GITHUB_TOKEN=ghp_... \
  -e CONNECTOR_INTERVAL_MINUTES=60 \
  airis/connector:latest

The API key must have the ingest scope. The connector is stateless — it can be stopped, updated, and restarted without data loss.

BYODB — Bring Your Own Database

Enterprise customers can also provide their own PostgreSQL + pgvector database. Airis validates SSL and pgvector presence, then stores all knowledge vectors on your own infrastructure. Configure at Admin → Settings → Database.

Security summary

Credential storage

AES-256 encrypted at rest. Never returned via API after saving.

Write access

All integration tokens are read-only by design. No write scopes are requested.

Cross-tenant isolation

All indexed data is scoped to organizationId. No cross-tenant access possible.

API key storage

SHA-256 hash only stored — raw key shown once at creation.

Connector credentials

Never leave the customer network. Only text chunks egress to Airis.

Ready to connect your tools?

Start free — no credit card required