API keys manage access to the API endpoints only. AFAIK, there is currently no way to create access tokens for reader accounts to access private content on the knowledge base site. We would be interested to create such access tokens that can be used by the products to access CSH content that is not necessarily public, but should only be visible if consumed by the product help.

Note the widget is not feasible for certain use cases, e.g. locked down on-prem web apps, native Linux/Windows applications that cannot embed the JS widget, etc.