
Overview

The embed system lets you display a fully rendered, read-only Pathway book inside an iframe in your own app. Your users don’t need API credentials. The embed token handles access. Flow:
  1. Use your PAT to create an embed token for a book
  2. Drop the token into the iframe URL
  3. Done: your users see the live financial report

Create an embed token

POST /embed/token
book_id (string, required): UUID of the book to embed.
permanent (boolean, default: "false"): If true, the token never expires. Default tokens expire after 24 hours. Use permanent: true for landing pages or persistent embeds.
import requests

API_BASE = "https://api.lendpathway.com/api"
APP_BASE = "https://app.lendpathway.com"
TOKEN = "pat_your_token_here"  # your PAT

# Exchange the PAT for an embed token scoped to one book
r = requests.post(
    f"{API_BASE}/embed/token",
    headers={"Authorization": f"Bearer {TOKEN}"},
    json={"book_id": "your-book-id-here", "permanent": True}
)
r.raise_for_status()  # stop on an error response instead of failing on a missing key

data = r.json()
embed_url = f"{APP_BASE}/embed/book/{data['embed_token']}"
print(embed_url)
Response
{
  "embed_token": "emb_VWUCi3ml0L05CSkgZNBli4hKs8ObZrzaO9XGRUySJ8A",
  "book_id": "99cc93e6-1f3f-42b1-9fe4-ba5a95be9c78",
  "expires_at": null
}
expires_at is null for permanent tokens, or an ISO timestamp for 24-hour tokens.
One token per book. If a valid token already exists for the book, the same token is returned.

Embed in an iframe

<iframe
  src="https://app.lendpathway.com/embed/book/emb_your_token_here?theme=light"
  width="100%"
  height="800"
  frameborder="0"
></iframe>
Query parameters
theme (string): light or dark. Defaults to dark if not specified.

Embed routes

Two pages are available for embedding:
| Route | What it shows |
| --- | --- |
| /embed/book/:token | Full book view: synopsis, transactions, credit report, tax forms, documents |
| /embed/funders/:token | Your organization’s funder directory |
The same token works for both routes.
<!-- Book view -->
<iframe src="https://app.lendpathway.com/embed/book/emb_xxx?theme=light"></iframe>

<!-- Funder directory -->
<iframe src="https://app.lendpathway.com/embed/funders/emb_xxx?theme=light"></iframe>

Security

Embed tokens are read-only. All write operations (upload, parse, edit) are blocked at the server, so the token cannot be used to modify anything. The token is also scoped to a single book, so it cannot access other books in your org.
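
An added example, not Pathway's own code: a server-side helper that requests the default 24-hour token with the PAT, decides when that token should be re-requested from `expires_at`, and builds iframe URLs only from the routes and themes documented above. The function names, the `http_post` parameter, the token pattern (inferred from the sample response) and the five-minute refresh margin are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

API_BASE = "https://api.lendpathway.com/api"
APP_BASE = "https://app.lendpathway.com"
# Assumption: token shape inferred from the sample response on this page.
TOKEN_RE = re.compile(r"emb_[A-Za-z0-9_-]{20,}")


def request_token(http_post, pat, book_id, permanent=False):
    """Mint a token server-side; http_post has the signature of requests.post."""
    r = http_post(
        f"{API_BASE}/embed/token",
        headers={"Authorization": f"Bearer {pat}"},
        json={"book_id": book_id, "permanent": permanent},
        timeout=10,
    )
    r.raise_for_status()
    return r.json()


def needs_refresh(expires_at, now, margin=timedelta(minutes=5)):
    """False for permanent tokens (expires_at is null), True close to expiry."""
    if expires_at is None:
        return False
    expiry = datetime.fromisoformat(expires_at.replace("Z", "+00:00"))
    if expiry.tzinfo is None:  # assumption: naive timestamps are UTC
        expiry = expiry.replace(tzinfo=timezone.utc)
    return now + margin >= expiry


def embed_url(token, route="book", theme="dark"):
    """Build the iframe src, rejecting anything that is not a known value."""
    if route not in ("book", "funders"):
        raise ValueError(f"unknown embed route: {route!r}")
    if theme not in ("light", "dark"):
        raise ValueError(f"unknown theme: {theme!r}")
    if not TOKEN_RE.fullmatch(token):
        raise ValueError("embed token has unexpected format")
    return f"{APP_BASE}/embed/{route}/{token}?theme={theme}"
```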

Get embed book data (API)

If you want to fetch the book data programmatically without an iframe, use the public endpoint. No auth header is required; the token in the URL is sufficient.
GET /embed/book/:token
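import requests

embed_token = "emb_your_token_here"  # token returned by POST /embed/token

r = requests.get(f"https://api.lendpathway.com/api/embed/book/{embed_token}")
r.raise_for_status()  # an expired or invalid token will not return book data
data = r.json()

book = data["book"]
analytics = data["analytics"]   # None if not yet parsed
tag_config = data["tagConfig"]
documents = data["documents"]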
This is the same endpoint the iframe uses internally.

Validate a token

Check whether an embed token is still valid.
GET /embed/validate/:token
import requests

embed_token = "emb_your_token_here"  # token returned by POST /embed/token

r = requests.get(f"https://api.lendpathway.com/api/embed/validate/{embed_token}")
if r.ok:
    print(r.json())  # {"valid": true, "org_id": "...", "book_id": "..."}
else:
    print("Token expired or invalid")