Embed

Your Experience Space can be embedded in your website and/or mobile application by using a webview or iframe pointing to https://<space-id>.mycohort.io/space

The iframe uses the Window.postMessage API to communicate with the parent app or website.

We highly recommend you use our Cohort Embed JS SDK to render the iframe.

Documentation and code examples are available in the Github repository.

Authenticating Users

In embed mode, you can choose between two modes of authentication:

cohort(Default): The session of the user is managed by Cohort. The user will be required to login and logout inside the iframe using their email address. This is the simplest authentication mode. Use this if you don't have an existing user authentication system, or if you don't want to integrate Cohort with it. Sessions will be cached automatically inside the iframe (so the user won't need to sign-in again if they have signed-in in the past on the same browser).
custom: You take care of managing the session of users in your application and tell the iframe which user is logged in by providing a Cohort Auth token to the iframe. If you use this mode and let logged out users see the Experience Space, they will be redirected to your own authentication page when trying to access a protected page.

Auth tokens can be created using the Merchants API with the following endpoint:

https://api.getcohort.com/docs/merchants-api#/Users/UsersV1Controller_createAuthToken

For security reasons, Merchants API Keys should never be passed in frontend applications.

The call to create an auth token should always be made in your backend.

The complete flow for loading the embedded Experience Space looks somewhat like this:

PreviousOverview NextMerchants API

Last updated 1 year ago