
Iframe integration process

This section explains how to embed Spotnana as an iframe within your application using OAuth 2.0 token exchange authentication.

Overview

The integration consists of two parts:

  • Backend: Your server authenticates with Spotnana on behalf of your users. It sends a user token to Spotnana, and our system returns an access token and a refresh token. These tokens allow the iframe to load an authenticated session for that user.
  • Frontend: Your application loads the Spotnana iframe and handles a token exchange. When the iframe loads, Spotnana automatically sends your page a message requesting tokens. Your page responds with the tokens your backend obtained from Spotnana. This communication happens through the browser's postMessage API, which is the standard way for a parent page and an iframe on different domains to exchange data securely.
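The frontend exchange is only as safe as the checks the parent page makes before it hands tokens to a frame. The following is an added example, not Spotnana's own code, of a parent-page listener that validates the sender and replies with an explicit target origin. The origin, the message type names and the payload shape are placeholders to be replaced with the values from your Spotnana setup details.

```javascript
// Added example. The origin and message "type" values are placeholders, not
// Spotnana's documented values; substitute the ones from your setup details.
const SPOTNANA_ORIGIN = "https://spotnana.example"; // placeholder base URL origin
const TOKEN_REQUEST_TYPE = "TOKEN_REQUEST";         // hypothetical message type
const TOKEN_RESPONSE_TYPE = "TOKEN_RESPONSE";       // hypothetical message type

// True only for a token request that came from the iframe we embedded.
function isTrustedTokenRequest(event, iframeWindow) {
  // Exact string comparison: prefix or substring checks accept look-alike hosts.
  if (event.origin !== SPOTNANA_ORIGIN) return false;
  // The sender must be our iframe's window, not another frame or a popup.
  if (!iframeWindow || event.source !== iframeWindow) return false;
  const data = event.data;
  return typeof data === "object" && data !== null && data.type === TOKEN_REQUEST_TYPE;
}

// Registers the listener on `win` and answers trusted requests with `tokens`
// (the access_token and refresh_token your backend obtained from Spotnana).
// Returns a function that removes the listener.
function installTokenResponder(win, iframeEl, tokens) {
  function onMessage(event) {
    const frame = iframeEl.contentWindow;
    if (!isTrustedTokenRequest(event, frame)) return; // ignore everything else
    frame.postMessage(
      {
        type: TOKEN_RESPONSE_TYPE,
        access_token: tokens.access_token,
        refresh_token: tokens.refresh_token,
      },
      SPOTNANA_ORIGIN // explicit targetOrigin, never "*", so tokens reach only that origin
    );
  }
  win.addEventListener("message", onMessage);
  return () => win.removeEventListener("message", onMessage);
}

// Browser usage (the element id is hypothetical):
// installTokenResponder(window, document.getElementById("spotnana-frame"), tokens);
```

Keep the tokens in memory for the lifetime of the page rather than in localStorage, and call the returned function when the iframe is removed so the listener does not outlive it.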

Spotnana URLs

The following are the base URLs to access the Spotnana platform:

Sequence diagram

The sequence diagram below explains the token exchange flow between Spotnana and your application in an iframe integration:

Participants: Your frontend application, Your backend system, Spotnana API, Your user detail API.

  1. Request Spotnana tokens
  2. Token exchange request (using the subject_token)
  3. GET user detail (using the subject_token as auth header)
  4. User email
  5. Tokens (i.e., access_token and refresh_token)
  6. Return tokens
  7. Render Spotnana iframe on your application.

Setup process

The information provided below explains the complete iframe setup process: