Sphere Engine Containers Workspace provides mechanisms for secure integration. workspace_token protects the workspace from unauthorized use.
Workspace token
In a production environment, we recommend using the workspace_token that fully protects the widget from unauthorized use.
It should be enabled in the API call which creates the workspace.
curl -X POST -F "project_id=__PUT_HERE_PROJECT_ID__" -F "workspace_token_required=true" "https://<customer_id>.containers.sphere-engine.com/api/v1/workspaces?access_token=<access_token>"Attaching a workspace token
Workspace token should be attached to the embedded workspace in the form of the appropriate HTML attributes with the data-prefix:
- data-workspace-token for the
workspace-tokenparameter,
An example of HTML code used to embed a widget prepared to support the signature:
<div class="se-workspace"
data-workspace="__PUT_HERE_WORKSPACE_ID_FROM_JSON_RESPONSE__"
data-workspace-token="__PUT_HERE_WORKSPACE_TOKEN_FROM_JSON_RESPONSE__">
</div>