# Customizing the appearance of iframe

You can customize the branding and appearance of the Spotnana platform on your webpage. Administrators can use the [platform branding customization document](https://university.spotnana.com/pages/tmc-help-center-topics/resources/0199ba18-f4b5-7b50-a2a4-36abf8de32a7) to add custom branding.

## Security considerations

Here are some important points to keep in mind while implementing the iframe integration:

1. **Origin validation:** Spotnana validates the origin of incoming `postMessage` events. Your domain must be [whitelisted](https://en.wikipedia.org/wiki/Whitelist) by Spotnana before the integration can work. For local development and testing, the `localhost:3000` URL is permitted by default.
2. **Credentials security:** Never expose your client ID or client secret in your codebase. All token exchange requests must go through your backend systems.
3. **Secure token handling:** Store tokens securely on your backend. Only pass tokens to the frontend when responding to a [TOKEN_EXCHANGE_REQUEST](#frontend-token-exchange-process) from the iframe.