@declarion/embed 0.1.92 → 0.1.93
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +17 -8
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -153,14 +153,23 @@ cross-origin `postMessage` frames are dropped silently. The SDK detects:
|
|
|
153
153
|
A protocol version mismatch between this SDK and the Declarion deployment
|
|
154
154
|
produces a clear `console.warn` naming both versions.
|
|
155
155
|
|
|
156
|
-
##
|
|
157
|
-
|
|
158
|
-
A
|
|
159
|
-
|
|
160
|
-
|
|
161
|
-
|
|
162
|
-
|
|
163
|
-
|
|
156
|
+
## Putting it together
|
|
157
|
+
|
|
158
|
+
A real integration is two halves, and the snippets above are the whole
|
|
159
|
+
contract:
|
|
160
|
+
|
|
161
|
+
- **Host frontend** - renders `<DeclarionEmbed />` (React) or calls
|
|
162
|
+
`createDeclarionEmbed` (any framework) and supplies the async `getToken`
|
|
163
|
+
callback. The SDK owns the iframe, the `ready` -> `set-token` handshake,
|
|
164
|
+
resize, navigation, and token refresh.
|
|
165
|
+
- **Host backend** - holds the `dk:` API key (server-side only) and mints
|
|
166
|
+
short-lived, scoped embed tokens with `createEmbedSession` from
|
|
167
|
+
`@declarion/embed/server`. Your `getToken` callback fetches one from your
|
|
168
|
+
own backend endpoint.
|
|
169
|
+
|
|
170
|
+
The `dk:` key never leaves your server; the browser only ever holds a
|
|
171
|
+
short-lived, scoped embed token. That split is the entire security model -
|
|
172
|
+
keep `@declarion/embed/server` out of any browser bundle.
|
|
164
173
|
|
|
165
174
|
## License
|
|
166
175
|
|