Skip to main content
Skip table of contents

Embedding settings

Take me to my embedding settings.

Embedding is only available for ShapeDiver users with a paid subscription.

Some ShapeDiver accounts let users embed online models in external websites and applications, either through iframe embedding or through direct embedding using the viewer API.

Each ShapeDiver account only allows embedding in a limited number of external domains, which varies depending on the type of account. In the “Settings” screen of the user dashboard, users can check how many external domains are enabled for their account, as well as add and/or remove domains from their list. They can also enforce strong authorization for all embedded models of their account.

Domain whitelist

In this subsection, users can add and remove domains from the list of allowed domains for embedding.

Domain formatting

Add only full domains to the list (that is the hostname part of your URL, including the port number if you are using a non-standard one, i.e. everything after http:// https://). Be aware that the precise hostname is being checked, i.e. subdomains need to be added individually. As an example allowing for embedding does not automatically allow

Local testing

You can add local hostnames and ports in order to set up a local development environment (e.g. localhost:8081 or Those domains do not count towards your domain limit, therefore you can setup as many as you want.

Domains of the form *.local and *.localhost (with optional ports as well) also do not count towards your domain limit.

Once you have added domains to the list, make sure you enable embedding in the models you wish to embed on your website.


In this subsection, users can decide whether they want to enforce strong authorization for all embedded models.

Require strong authorization

If this setting is turned on, any embedded model will be protected through a secure JWT mechanism, about which you can read more here. In this case, it will not be possible to disable strong authorization on a per-model basis.

If this setting is turned off, you will still have the ability to turn strong authorization on and off directly in the model edit page of each model, in the Developers settings.

The strong authorization mechanism adds a layer of security to models embedded through iframes, direct embedding and accessed through the backend API. It requires however additional setup and implementation effort which might not be suitable or practical for all applications. As a general rule, we recommend enabling strong authorization for models embedded through iframes but consider that session-based authorization is sufficient for many web applications like e-commerce configurators.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.