Iframe integration - Permissions

Our onboarding flow is delivered in an <iframe> for seamless integration. If you are embedding our SDK within your own iframe (or a series of nested iframes), you must delegate the necessary permissions down to our frame.

How iframe permissions work

An iframe's permissions are determined by its parent. An inner iframe can only have permissions that are also granted by all of its parent frames. Therefore, you must add the required permissions to the <iframe> tag at every level of nesting.

There are two key attributes you'll need to configure:

allow: This attribute grants access to specific browser features, like the camera.
sandbox: This is a security feature that locks down an iframe's capabilities. We then selectively re-enable the functionality our SDK needs.

Minimum required permissions

To ensure our SDK functions correctly, add the following attributes to your <iframe> element and any other parent <iframe> elements wrapping it.

<iframe 
  src="..."
  allow="camera"
  sandbox="allow-forms allow-modals allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts allow-top-navigation"
/>

📘
If your iframe already has allow or sandbox attributes, do not replace them. Instead, merge our required values into your existing attributes. For example:

If you have allow="payment", change it to allow="payment; camera".
If you have sandbox="allow-scripts", add our other sandbox values to it.

How iframe permissions work

Minimum required permissions

📘If your iframe already has allow or sandbox attributes, do not replace them. Instead, merge our required values into your existing attributes. For example:

📘
If your iframe already has allow or sandbox attributes, do not replace them. Instead, merge our required values into your existing attributes. For example: