Solved

Is it possible to add trusted domains for the embeddable widgets via an API?

  • 2 January 2019
  • 4 replies
  • 143 views
Koen Sterken
Hi!



First of all: happy new year to you all! 🎉🎉🎉



We are going to implement to embeddable widget in our software. We've only got one issue for our on-premise customers: since they can determine themself how their URL will look like, it is not possible to have the embeddable widget for them, unless we take on a load of administration to make sure all domains are in the trusted domains for the embeddable widget.



Because we have a lot of customers running our software on-premise, and they change the url for time to time (when a new manager is in town, and he/she comes up with an even better url), the workload to get the trusted domains in sync is unacceptable. Simply to much red tape.



There are two imho two options:


  1. Make it possible to use the widget without trusted domains. But there are security/financial risks.
  2. Have an API that can add a trusted domain to the list of trusted domains. There is a small issue here, because the validation for trusted domains requires it to have a . character, while some of our customers use our software under f.i. http://insided

I've looked in the API documentation, and I couldn't find this possibility.



Did I overlook an other possibility?
icon

Best answer by daniel.boon 4 January 2019, 11:41

View original

4 replies

Koen Sterken
Maybe we can do something ourselfs by rendering a iframe that only imports the script. That way we can run the script on a domain that is trusted, using it in a domain that is untrusted.



Or do you guys think that solution is... filthy?
daniel.boon
Rank
Badge
Hey Koen - Happy New Year!



You're correct - there's currently no way to achieve this through a public API.



Not sure about your iframe idea - I wouldn't call it filthy since I'm not sure how it would work 😬, but maybe worth an investigation!



As you said, option #1 is a bit dodgy, especially considering the financial implications for pricing of the embeddables.



For option #2, the effort required to achieve this would be reasonably high, and would stop us working on other improvements, so it's a 'not now', right now at least (but not a never!).



However, I'd really love to see you guys using the embeddables in-app, so I'll make sure to keep the problem and the options you mentioned on my radar.
inSided product alumnus
Koen Sterken
Thanks @daniel.boon!



For now we are going to implement the widget as a trial in our software for all our SaaS customers, so the trusted domains aren't an direct issue. When the trial is successful we'll give the iframe solution a try. Whatever the results may be: I'll post the results on your community so maybe other people can use that solution as well (or, know that it cannot be fixed with my suggested workaround).



As a fellow product owner I understand your 'not now' 🙂
daniel.boon
Rank
Badge
Sounds like a good way forwards Koen!



Looking forward to seeing the results of your trial 🙂
inSided product alumnus

Reply


Terms & ConditionsCookie settings