# Create embed session

> Creates a short-lived embed session token (JWT) used to mount the chat (`surface: "chat"`) or connect (`surface: "connect"`) microfrontend on your own site via the `@pilot-status/embed` SDK. `allowedOrigins` (1–20 exact origins) restricts where the iframe may run; `brandingOverride` applies per-session branding; `ttlSeconds` controls validity (default 15 min for chat, 30 min for connect; maximum 60 min). Works with a number-scoped or tenant-scoped key; a number-scoped key can only embed its own number. Refresh via `POST /api/public/embed/refresh`.



## OpenAPI

````yaml openapi.json POST /v1/embed/sessions
openapi: 3.1.0
info:
  title: Pilot Status API
  version: 1.0.0
  license:
    name: Pilot Status Terms of Service
    url: https://pilotstatus.com.br/terms
  description: >-
    Public REST API for Pilot Status. Authenticate with the `x-api-key: ps_...`
    header (or `x-api-key-id`). Base URL: https://pilotstatus.com.br
servers:
  - url: https://pilotstatus.com.br
security:
  - apiKey: []
  - apiKeyId: []
paths:
  /v1/embed/sessions:
    post:
      tags:
        - Embed
      summary: Create embed session
      description: >-
        Creates a short-lived embed session token (JWT) to mount the chat
        (surface:"chat") or connect (surface:"connect") microfrontend on your
        own site via the @pilot-status/embed SDK. allowedOrigins (1–20 exact
        origins) restricts where the iframe may run; brandingOverride applies
        per-session branding; ttlSeconds controls validity (chat 15min, connect
        30min, max 60min). Works with a number- or tenant-scoped key — a
        number-scoped key can only embed its own number. Refresh via POST
        /api/public/embed/refresh.
      operationId: post_embed_sessions
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              properties:
                surface:
                  type: string
                  description: Microfrontend to embed.
                  example: chat
                whatsappNumberIds:
                  type: array
                  items:
                    type: string
                  description: >-
                    Numbers to expose in chat (required for a tenant key on
                    surface:chat).
                  example:
                    - num_01HZX...
                allowedOrigins:
                  type: array
                  items:
                    type: string
                  minItems: 1
                  maxItems: 20
                  description: >-
                    Exact origins (scheme://host[:port]) where the iframe may
                    run.
                  example:
                    - https://app.tenant.com
                brandingOverride:
                  type: object
                  description: >-
                    Per-session branding (logo/colors/title) overriding the
                    tenant branding.
                ttlSeconds:
                  type: integer
                  maximum: 3600
                  description: Token validity in seconds (default 900 chat / 1800 connect).
                  example: 900
              required:
                - surface
                - allowedOrigins
            example:
              surface: chat
              whatsappNumberIds:
                - num_01HZX...
              allowedOrigins:
                - https://app.tenant.com
              ttlSeconds: 900
      responses:
        '201':
          description: Create chat session
          content:
            application/json:
              example:
                token: eyJhbGciOiJIUzI1NiJ9.<claims>.<sig>
                surface: chat
                whatsappNumberIds:
                  - num_01HZX...
                allowedOrigins:
                  - https://app.tenant.com
                expiresAt: '2026-06-26T15:15:00.000Z'
        '400':
          description: Invalid payload or parameters
          content:
            application/json:
              schema:
                type: object
                properties:
                  error:
                    type: string
                  code:
                    type: string
              example:
                error: Validation error
        '401':
          description: Missing or invalid `x-api-key` / `x-api-key-id` header
          content:
            application/json:
              schema:
                type: object
                properties:
                  error:
                    type: string
                  code:
                    type: string
              example:
                error: Unauthorized
        '429':
          description: Rate limit exceeded
          content:
            application/json:
              schema:
                type: object
                properties:
                  error:
                    type: string
                  code:
                    type: string
              example:
                error: Too many requests
components:
  securitySchemes:
    apiKey:
      type: apiKey
      in: header
      name: x-api-key
      description: Your ps_ API key
    apiKeyId:
      type: apiKey
      in: header
      name: x-api-key-id
      description: API key id (alternative to x-api-key)

````
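
A backend-side sketch of the request this endpoint expects, added here as an example and not taken from Pilot Status or its SDK: it checks `allowedOrigins` and `ttlSeconds` against the limits stated above before the API key is used, so the key never reaches the browser. The function names, the `PILOT_STATUS_API_KEY` environment variable, the lower bound of 1 second, and the rule that plain `http` is accepted for `localhost` only are assumptions.

```javascript
// Added example, not Pilot Status code. Runs on your backend (Node 18+).
const API_BASE = "https://pilotstatus.com.br"; // base URL from the spec above
const MAX_TTL_SECONDS = 3600;                  // documented 60-minute ceiling
const DEFAULT_TTL = { chat: 900, connect: 1800 };

// Return true only for a string that is already in canonical origin form.
function isExactOrigin(value) {
  if (typeof value !== "string" || value.includes("*")) return false;
  let url;
  try { url = new URL(value); } catch { return false; }
  if (url.protocol !== "https:" && url.protocol !== "http:") return false;
  // url.origin drops paths, queries and default ports and lower-cases the
  // host, so any of those in the input makes this comparison fail.
  if (url.origin !== value) return false;
  // Assumption (local policy): plain http is accepted for localhost only.
  return url.protocol === "https:" || url.hostname === "localhost";
}

// Build the JSON body for POST /v1/embed/sessions, or throw on bad input.
function buildEmbedSessionRequest({ surface, allowedOrigins, whatsappNumberIds, ttlSeconds }) {
  if (!Object.hasOwn(DEFAULT_TTL, surface)) throw new Error(`unknown surface: ${surface}`);
  if (!Array.isArray(allowedOrigins) || allowedOrigins.length < 1 || allowedOrigins.length > 20)
    throw new Error("allowedOrigins must list 1 to 20 origins");
  const bad = allowedOrigins.filter((o) => !isExactOrigin(o));
  if (bad.length) throw new Error(`not exact origins: ${bad.join(", ")}`);
  const ttl = ttlSeconds ?? DEFAULT_TTL[surface];
  if (!Number.isInteger(ttl) || ttl < 1 || ttl > MAX_TTL_SECONDS)
    throw new Error(`ttlSeconds must be an integer from 1 to ${MAX_TTL_SECONDS}`);
  const body = { surface, allowedOrigins: [...new Set(allowedOrigins)], ttlSeconds: ttl };
  if (whatsappNumberIds) body.whatsappNumberIds = whatsappNumberIds;
  return body;
}

// Mint the session server-side; only the returned token goes to the browser.
// PILOT_STATUS_API_KEY is a hypothetical variable name for your ps_ key.
async function createEmbedSession(params, apiKey = process.env.PILOT_STATUS_API_KEY) {
  if (!apiKey) throw new Error("PILOT_STATUS_API_KEY is not set");
  const res = await fetch(`${API_BASE}/v1/embed/sessions`, {
    method: "POST",
    headers: { "content-type": "application/json", "x-api-key": apiKey },
    body: JSON.stringify(buildEmbedSessionRequest(params)),
  });
  if (res.status !== 201) throw new Error(`embed session failed: HTTP ${res.status}`);
  return res.json(); // documented 201 body: token, surface, allowedOrigins, expiresAt
}
```

Deriving `allowedOrigins` from a server-side allowlist rather than from the incoming request keeps a caller from minting a token for an origin you do not control.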