Organization Embedding Settings
Take me to my organization embedding settings.
Members of an organization can embed online models in external websites and applications, either through iframe embedding or through direct embedding using the viewer API.
Each ShapeDiver organization only allows embedding in a limited number of external domains, which varies depending on the organization. In the “Organization Embedding Settings” screen of the user dashboard, members of the organization can check how many external domains are enabled for their organization. Owners and administrators of the organization can also add and remove domains from the list.
Note the difference with single ShapeDiver users (outside of organizations): if you are part of an organization, you cannot directly add and remove domains from the account’s Embedding settings screen.
Domain whitelist
In this subsection, the list of allowed domains for embedding can be reviewed by anyone in the organization. Additionally, Owners and Administrators can add and remove domains from the list.
Domain formatting
Add only full domains to the list, that is, the hostname part of your URL, including the port number if you are using a non-standard one (i.e. everything after http:// or https://). Be aware that the precise hostname is checked, so subdomains need to be added individually. For example, allowing shapediver.com for embedding does not automatically allow www.shapediver.com.
Local testing
You can add local hostnames and ports in order to set up a local development environment (e.g. localhost:8081 or 127.0.0.1:8080). Those domains do not count towards your domain limit, so you can set up as many as you want.
Domains of the form *.local and *.localhost (with optional ports as well) also do not count towards your domain limit.
Once domains are added to the list, users should make sure to enable embedding for the models they wish to embed on their website.
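The formatting and local-testing rules above, modelled as an added example (this is not ShapeDiver's code): it reduces a page URL to the entry the whitelist expects, flags entries that include a scheme or path, compares hostnames exactly, and counts which entries consume the domain limit. The function names, the sample whitelist, the exact comparison of ports and the precise set of hostnames treated as local are assumptions.

```javascript
// Added illustration: models the documented whitelist rules, not ShapeDiver's implementation.

// Reduce a page URL to the documented entry form: hostname plus port,
// where the port appears only when it is non-standard for the scheme.
function toWhitelistEntry(pageUrl) {
  // URL.host already omits default ports (80 for http, 443 for https).
  return new URL(pageUrl).host.toLowerCase();
}

// Explain why an entry is malformed, or return null when it looks valid.
function entryProblem(entry) {
  if (/^[a-z][a-z0-9+.-]*:\/\//i.test(entry)) return "remove the scheme";
  if (/[\/?#]/.test(entry)) return "remove the path";
  if (!/^[a-z0-9.-]+(:\d+)?$/i.test(entry)) return "not a hostname[:port]";
  return null;
}

// Assumption: "local" means localhost, 127.0.0.1, *.local and *.localhost,
// each with an optional port, as listed in the Local testing paragraph.
function isLocalEntry(entry) {
  const hostname = entry.toLowerCase().replace(/:\d+$/, "");
  return (
    hostname === "localhost" ||
    hostname === "127.0.0.1" ||
    hostname.endsWith(".local") ||
    hostname.endsWith(".localhost")
  );
}

// Exact comparison: a listed domain does not cover its subdomains.
function isEmbeddingAllowed(pageUrl, whitelist) {
  const entry = toWhitelistEntry(pageUrl);
  return whitelist.some((allowed) => allowed.toLowerCase() === entry);
}

// Number of entries that consume the organization's domain limit.
function countTowardsLimit(whitelist) {
  return whitelist.filter((entry) => !isLocalEntry(entry)).length;
}

// Constructed sample whitelist.
const sampleWhitelist = [
  "shapediver.com",
  "localhost:8081",
  "127.0.0.1:8080",
  "configurator.local:3000",
];
```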
Security
In this subsection, Owners and Administrators can decide whether they want to enforce strong authorization for all users in the organization.
Require strong authorization
If this setting is turned on, any embedded model from any user in the organization will be protected through a secure JWT mechanism, about which you can read more here. In this case, it will not be possible for users to disable strong authorization for their account or on a per-model basis.
If this setting is turned off, users can still turn strong authorization on and off for their personal account in their own Embedding settings screen, as well as on a per-model basis in the model's Developers settings on the model edit page.
The strong authorization mechanism adds a layer of security to models embedded through iframes, embedded directly, or accessed through the backend API. However, it requires additional setup and implementation effort, which might not be suitable or practical for all applications. As a general rule, we recommend enabling strong authorization for models embedded through iframes, but consider session-based authorization sufficient for many web applications such as e-commerce configurators.