Embedding microfrontends — embed tokens
Pilot Status lets a tenant embed two microfrontends into their own SaaS, white-label, via a hosted iframe + a tiny JS SDK. Your customers stay inside your product and see your brand.

The two surfaces
| Surface | What it is | Served from |
|---|---|---|
| Chat | A WhatsApp inbox (conversations, send/receive). | https://chat.pilotstatus.com.br |
| Connect | Remote pairing — connect a WhatsApp number (QR / Meta Embedded Signup). | https://connect.pilotstatus.com.br |
The iframe's /api calls go to the same origin it is served from, so there is no CORS for you to configure. The only calls you make are server-to-server, to mint tokens.
POST /v1/embed/sessions — Mint a Chat embed token
Mint embed tokens on your backend, never in the browser. Authenticated with your tenant’s ps_ API key (x-api-key header).

Request body

| Field | Description |
|---|---|
| surface | "chat" or "connect" — which microfrontend the token is for. |
| whatsappNumberIds | Required for surface: "chat" — the numbers the embed may act on. A number-scoped ps_ key ignores this and is forced to its own number. |
| allowedOrigins | Exact origins allowed to frame the embed (min 1), e.g. ["https://app.tenant.com"]. |
| brandingOverride | Optional per-session branding override (see White-label below). |

Token lifetime can also be set per session. Defaults: chat 15 min, connect 30 min.

201: the response carries the minted token. The token is short-lived. The SDK injects it into the iframe in memory — never in a URL.
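As an added example (not Pilot Status' own code), here is a Node.js backend helper that builds and sends the mint request described above and enforces the rules from the Security section before anything leaves the server: the ps_ key is only ever read server-side, surface is validated, whatsappNumberIds is required for chat, and every allowedOrigins entry must be an exact origin (no path, no wildcard; this example additionally insists on https, which is a local policy choice). The API host is a placeholder, and the transport is injectable so the stand-alone demo runs offline against a constructed fake.

```javascript
// Added example (not Pilot Status' own code). Assumptions: API_HOST_PLACEHOLDER
// stands in for the real API host; fetchImpl is injectable so the demo runs
// offline with a constructed fake response; the https-only rule is a policy
// choice for this example, not something the API documentation states.

// True only for an exact origin: scheme + host (+ non-default port), no path,
// no trailing slash, no wildcard.
function isExactOrigin(value) {
  if (typeof value !== "string" || value.includes("*")) return false;
  let url;
  try { url = new URL(value); } catch { return false; }
  return url.protocol === "https:" && url.origin === value;
}

// Validate the tenant-supplied parameters and produce the JSON body for
// POST /v1/embed/sessions. Throws on anything the API would reject anyway,
// so bad input never costs a round trip or leaks into a server log as a 4xx.
function buildMintRequest({ surface, whatsappNumberIds, allowedOrigins, brandingOverride }) {
  if (surface !== "chat" && surface !== "connect") {
    throw new Error(`surface must be "chat" or "connect", got ${JSON.stringify(surface)}`);
  }
  if (!Array.isArray(allowedOrigins) || allowedOrigins.length < 1) {
    throw new Error("allowedOrigins must list at least one origin");
  }
  const bad = allowedOrigins.filter((o) => !isExactOrigin(o));
  if (bad.length) throw new Error(`allowedOrigins must be exact https origins: ${bad.join(", ")}`);
  const body = { surface, allowedOrigins };
  if (surface === "chat") {
    // Required for chat: a non-empty list of numbers the token may act on.
    if (!Array.isArray(whatsappNumberIds) || whatsappNumberIds.length < 1) {
      throw new Error('whatsappNumberIds is required for surface "chat"');
    }
    body.whatsappNumberIds = whatsappNumberIds;
  }
  if (brandingOverride) body.brandingOverride = brandingOverride;
  return body;
}

// Server-to-server mint. apiKey is the tenant's ps_ key, read from server
// configuration; this function is never bundled for the browser.
async function mintEmbedSession(params, { apiKey, fetchImpl = fetch, apiBase = "https://API_HOST_PLACEHOLDER" } = {}) {
  if (typeof apiKey !== "string" || !apiKey.startsWith("ps_")) {
    throw new Error("a ps_ API key is required (server-side only)");
  }
  const res = await fetchImpl(`${apiBase}/v1/embed/sessions`, {
    method: "POST",
    headers: { "x-api-key": apiKey, "content-type": "application/json" },
    body: JSON.stringify(buildMintRequest(params)),
  });
  if (res.status !== 201) throw new Error(`mint failed: HTTP ${res.status}`);
  const { token } = await res.json();
  if (typeof token !== "string" || !token) throw new Error("mint response had no token");
  return token; // hand this (and only this) to the browser
}

// Constructed fake transport so the example runs without network access.
function makeFakeFetch(seen) {
  return async (url, init) => {
    seen.push({ url, init });
    return { status: 201, json: async () => ({ token: "embed_token_constructed" }) };
  };
}

// Stand-alone demo against the fake transport.
const seen = [];
mintEmbedSession(
  { surface: "chat", whatsappNumberIds: ["num_constructed_1"], allowedOrigins: ["https://app.tenant.com"] },
  { apiKey: "ps_example_key_constructed", fetchImpl: makeFakeFetch(seen) },
).then((token) => console.log("minted:", token, "via", seen[0].url));
```

Wire mintEmbedSession behind an endpoint on your own backend that your front end calls with its normal session; the browser receives the short-lived embed token and nothing else.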
POST /api/public/embed/refresh — Sliding refresh
The iframe presents its current (still-valid) embed token as Authorization: Bearer <token> and receives a fresh one (sliding refresh). On full expiry the SDK calls onSessionExpired so you can re-mint via your backend.
Connect uses a different token. For the Connect surface, the iframe is authorized by the existing remote-pairing token (the one returned by POST /v1/numbers/remote-pairing as remotePairingUrl — see Remote Pairing). The POST /v1/embed/sessions token is for Chat.

JS SDK — @pilot-status/embed
Available as an npm package and as a CDN script.
- PilotStatus.chat.mount(selector, options) — mounts the WhatsApp inbox iframe (defaults to https://chat.pilotstatus.com.br). Pass the chat embed token, plus optional locale, theme, and callbacks (onUnreadCount, onConversationOpened, onSessionExpired).
- PilotStatus.connect.open(options) — opens the connect (remote-pairing) flow (defaults to https://connect.pilotstatus.com.br). Pass the remote-pairing token, plus onPaired, onError, onExpired callbacks.
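The browser side of the lifecycle, as an added example that is not part of the @pilot-status/embed SDK or its documentation: mount the Chat inbox with a token obtained from your own backend, and when the SDK reports onSessionExpired (the sliding refresh has run out), re-mint through the backend and mount again. The SDK object is injected rather than read from the PilotStatus global so the example runs offline against a constructed fake; the name of the mount option that carries the token (token) and the tenant backend endpoint /embed/token are assumptions, and the example assumes that calling mount again replaces the previous iframe.

```javascript
// Added example (not the @pilot-status/embed SDK's own code). Assumptions:
// `sdk` is the PilotStatus global (injected so this runs offline), the mount
// option carrying the embed token is called `token`, `/embed/token` is a
// hypothetical endpoint on the tenant's own backend that calls
// POST /v1/embed/sessions with the ps_ key the browser never sees, and a
// second mount() replaces the earlier iframe.

function createChatEmbed({ sdk, selector, fetchToken, locale = "en" }) {
  const state = { mounts: 0, lastToken: null, expiredCount: 0, unread: 0 };

  async function mount() {
    const token = await fetchToken(); // browser session -> tenant backend -> mint
    if (typeof token !== "string" || !token) throw new Error("backend returned no embed token");
    state.lastToken = token;
    state.mounts += 1;
    sdk.chat.mount(selector, {
      token, // assumed option name; the SDK injects it into the iframe in memory
      locale,
      onUnreadCount: (n) => { state.unread = n; },
      onSessionExpired: async () => {
        // Sliding refresh is over: re-mint server-side and mount again.
        state.expiredCount += 1;
        await mount();
      },
    });
    return token;
  }

  return { mount, state };
}

// Ask the tenant's own backend for a fresh embed token. Only the backend holds
// the ps_ key; the browser just carries its normal session credentials.
function backendTokenFetcher(fetchImpl = fetch) {
  return async () => {
    const res = await fetchImpl("/embed/token", { method: "POST", credentials: "same-origin" });
    if (!res.ok) throw new Error(`backend refused embed token: HTTP ${res.status}`);
    return (await res.json()).token;
  };
}

// Constructed fake SDK for offline demonstration: records every mount and can
// fire the latest onSessionExpired callback on demand.
function makeFakeSdk() {
  const calls = [];
  return {
    calls,
    chat: { mount(selector, options) { calls.push({ selector, options }); } },
    async expireLatest() { await calls[calls.length - 1].options.onSessionExpired(); },
  };
}

// Constructed fake tenant backend: hands out a new token on every call.
function makeFakeBackend() {
  let n = 0;
  return async () => ({ ok: true, status: 200, json: async () => ({ token: `embed_token_constructed_${++n}` }) });
}

// Stand-alone demo: mount once, simulate full expiry, observe the remount.
const demoSdk = makeFakeSdk();
const demoEmbed = createChatEmbed({
  sdk: demoSdk,
  selector: "#inbox",
  fetchToken: backendTokenFetcher(makeFakeBackend()),
});
demoEmbed.mount()
  .then(() => demoSdk.expireLatest())
  .then(() => console.log(`mounted ${demoEmbed.state.mounts} times, last token ${demoEmbed.state.lastToken}`));
```

In production, replace the injected fake with the real PilotStatus global and keep the token out of URLs, query strings and localStorage; the embed only ever needs it in memory for the life of the page.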
Security
- Mint tokens server-side. Never expose your ps_ key in the browser — only your backend calls POST /v1/embed/sessions (and POST /v1/numbers/remote-pairing).
- Tokens are short-lived (chat 15 min / connect 30 min by default) and refresh on a sliding window.
- allowedOrigins binds which sites may frame the embed (exact origins, min 1).
- An embed token is hard-scoped to its whatsappNumberIds — it can only act on those numbers.
White-label
The embed reuses the tenant’s existing branding configured in the dashboard Branding/Marca tab — logo, primary/background colors, company name, and the “hide Pilot Status” toggle (see Connect page branding). You can additionally pass an optional brandingOverride object on POST /v1/embed/sessions to override branding for just that session.