> ## Documentation Index
> Fetch the complete documentation index at: https://docs.lendpathway.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Embed

> Generate secure embed tokens and iframe Pathway reports into your product.

## Overview

The embed system lets you display a fully rendered, read-only Pathway book inside an iframe in your own app. Your users don't need API credentials. The embed token handles access.

**Flow:**

1. Use your PAT to create an embed token for a book
2. Drop the token into the iframe URL
3. Done your users see the live financial report

***

## Create an embed token

```
POST /embed/token
```

<ParamField body="book_id" type="string" required>
  UUID of the book to embed.
</ParamField>

<ParamField body="permanent" type="boolean" default="false">
  If `true`, the token never expires. Default tokens expire after 24 hours. Use `permanent: true` for landing pages or persistent embeds.
</ParamField>

```python theme={null}
import requests

API_BASE = "https://api.lendpathway.com/api"
APP_BASE = "https://app.lendpathway.com"
TOKEN = "pat_your_token_here"

r = requests.post(
    f"{API_BASE}/embed/token",
    headers={"Authorization": f"Bearer {TOKEN}"},
    json={"book_id": "your-book-id-here", "permanent": True}
)

data = r.json()
embed_url = f"{APP_BASE}/embed/book/{data['embed_token']}"
print(embed_url)
```

**Response**

```json theme={null}
{
  "embed_token": "emb_VWUCi3ml0L05CSkgZNBli4hKs8ObZrzaO9XGRUySJ8A",
  "book_id": "99cc93e6-1f3f-42b1-9fe4-ba5a95be9c78",
  "expires_at": null
}
```

`expires_at` is `null` for permanent tokens, or an ISO timestamp for 24-hour tokens.

<Note>
  One token per book. If a valid token already exists for the book, the same token is returned.
</Note>

***

## Embed in an iframe

```html theme={null}
<iframe
  src="https://app.lendpathway.com/embed/book/emb_your_token_here?theme=light"
  width="100%"
  height="800"
  frameborder="0"
/>
```

**Query parameters**

<ParamField query="theme" type="string">
  `light` or `dark`. Defaults to dark if not specified.
</ParamField>

***

## Embed routes

Two pages are available for embedding:

| Route                   | What it shows                                                              |
| ----------------------- | -------------------------------------------------------------------------- |
| `/embed/book/:token`    | Full book view synopsis, transactions, credit report, tax forms, documents |
| `/embed/funders/:token` | Your organization's funder directory                                       |

The same token works for both routes.

```html theme={null}
<!-- Book view -->
<iframe src="https://app.lendpathway.com/embed/book/emb_xxx?theme=light" />

<!-- Funder directory -->
<iframe src="https://app.lendpathway.com/embed/funders/emb_xxx?theme=light" />
```

***

## Security

Embed tokens are **read-only**. All write operations (upload, parse, edit) are blocked at the server the token cannot be used to modify anything. The token is also scoped to a single book, so it cannot access other books in your org.

***

## Get embed book data (API)

If you want to fetch the book data programmatically without an iframe, use the public endpoint. No auth header required the token in the URL is sufficient.

```
GET /embed/book/:token
```

```python theme={null}
import requests

r = requests.get(f"https://api.lendpathway.com/api/embed/book/{embed_token}")
data = r.json()

book = data["book"]
analytics = data["analytics"]   # None if not yet parsed
tag_config = data["tagConfig"]
documents = data["documents"]
```

This is the same endpoint the iframe uses internally.

***

## Validate a token

Check whether an embed token is still valid.

```
GET /embed/validate/:token
```

```python theme={null}
r = requests.get(f"https://api.lendpathway.com/api/embed/validate/{embed_token}")
if r.ok:
    print(r.json())  # {"valid": true, "org_id": "...", "book_id": "..."}
else:
    print("Token expired or invalid")
```
