Docs

Practical guides for embedding tools safely. Everything here is designed to be copy/paste friendly.

Start here

If you’re new, follow Quickstart. Then choose iframe embed or Widget Mode.

Create → Go Live → Token → Embed in ~5 minutes.

Drop-in SDK with postMessage auth (token never in URL).

Token rules, embed auth, and BYOK for LLM tools.

Quotas, rate limiting, and daily reset (00:00 UTC).

Canonical errors (missing_auth, invalid_token, byok_required, …).

Common questions & troubleshooting.

Canonical rules (do not break)

Embed tokens are mtok_… and must be sent via header: x-microapp-embed-token.
Token is never accepted via query string. Don’t put tokens in iframe URLs.
LLM tools require BYOK (owner’s AI key). If no key is configured, runs must be blocked with byok_required and be side-effect-free.