Iframe integration process
Copy for LLM
Copy page as Markdown for LLMs
View as Markdown
Open this page as Markdown
Open in ChatGPT
Get insights from ChatGPT
Open in Claude
Get insights from Claude
Connect to Cursor
Install MCP server on Cursor
Connect to VS Code
Install MCP server on VS Code

This section explains how to embed Spotnana as an iframe within your application using OAuth 2.0 token exchange authentication.

Overview

The integration consists of two parts:

Backend: Your server authenticates with Spotnana on behalf of your users. It sends a user token to Spotnana, and our system returns an access token and a refresh token. These tokens allow the iframe to load an authenticated session for that user.
Frontend: Your application loads the Spotnana iframe and handles a token exchange. When the iframe loads, Spotnana automatically sends your page a message requesting tokens. Your page responds with the tokens your backend obtained from Spotnana. This communication happens through the browser's postMessage API, which is the standard way for a parent page and an iframe on different domains to exchange data securely.

The following are the base URLs to access the Spotnana platform:

Environment	API URL	Embed URL
Sandbox	https://api-ext-sboxmeta.partners.spotnana.com	https://sboxmeta-embed-app.partners.spotnana.com
Production	https://api.spotnana.com	https://embed.spotnana.com

The sequence diagram below explains the token exchange flow between Spotnana and your application in an iframe integration: