Embed

The embed system allows you to embed Orderly’s bridge management UI into your own application, letting your end users connect their own integrations. Manage embed configuration, create sessions, and issue publishable keys.

Get Embed Config

GET/api/embed/config

Retrieve the current embed configuration.

Requiredembed:manage

Returns the embed configuration for the current organization, including branding, allowed bridge types, and UI settings.


curl -X GET "https://api.orderly.dev/api/embed/config" \
  -H "Authorization: Bearer ord_sk_..."

Response


{
  "data": {
    "enabled": true,
    "allowed_bridge_types": ["shopify", "woocommerce", "amazon"],
    "branding": {
      "primary_color": "#4F46E5",
      "logo_url": "https://...",
      "company_name": "Acme Fulfillment"
    },
    "features": {
      "allow_oauth": true,
      "allow_api_key": true,
      "show_sync_status": true
    }
  }
}

Update Embed Config

PATCH/api/embed/config

Update the embed configuration.

Requiredembed:manage

Updates the embed configuration. Changes take effect immediately for all active embed sessions.

Request Body

Field	Type	Description
`enabled`	boolean	Enable or disable the embed system
`allowed_bridge_types`	string[]	Bridge type slugs users can connect
`branding`	object	Branding customization (colors, logo, company name)
`features`	object	Feature toggles for the embed UI


curl -X PATCH "https://api.orderly.dev/api/embed/config" \
  -H "Authorization: Bearer ord_sk_..." \
  -H "Content-Type: application/json" \
  -d '{
    "allowed_bridge_types": ["shopify", "woocommerce"],
    "branding": { "primary_color": "#059669" }
  }'

Create Session

POST/api/embed/sessions

Create an embed session for an end user.

Requiredembed:manage

Creates a short-lived session token for an end user to access the embed UI. The session is scoped to a specific end user and inherits the embed configuration.

Request Body

Field	Type	Required	Description
`end_user_id`	string	Yes	Your application’s user ID
`end_user_email`	string	No	End user’s email
`end_user_name`	string	No	End user’s display name
`expires_in`	number	No	Session lifetime in seconds (default: 3600)


curl -X POST "https://api.orderly.dev/api/embed/sessions" \
  -H "Authorization: Bearer ord_sk_..." \
  -H "Content-Type: application/json" \
  -d '{
    "end_user_id": "user_12345",
    "end_user_email": "merchant@store.com",
    "end_user_name": "Store Owner",
    "expires_in": 7200
  }'

Response


{
  "data": {
    "session_token": "emb_sess_a1b2c3d4...",
    "expires_at": "2026-01-15T12:30:00Z",
    "end_user_id": "user_12345"
  }
}

Create Publishable Key

POST/api/embed/publishable-keys

Create a publishable key for client-side embed initialization.

Requiredembed:manage

Creates a publishable key that can be safely included in client-side code. This key is used to initialize the embed SDK in the browser.

Request Body

Field	Type	Required	Description
`name`	string	Yes	Display name for the key
`allowed_origins`	string[]	Yes	Allowed origin URLs (CORS)


curl -X POST "https://api.orderly.dev/api/embed/publishable-keys" \
  -H "Authorization: Bearer ord_sk_..." \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Production Widget",
    "allowed_origins": ["https://myapp.com", "https://staging.myapp.com"]
  }'

Response


{
  "data": {
    "id": "uuid",
    "name": "Production Widget",
    "publishable_key": "ord_pk_a1b2c3d4...",
    "allowed_origins": ["https://myapp.com", "https://staging.myapp.com"],
    "created_at": "2026-01-15T10:30:00Z"
  }
}