Verify Widget Installation

POST

api

iframes

{id}

verify

Verify Widget Installation

curl --request POST \
  --url https://api.example.com/api/v1/iframes/{id}/verify \
  --header 'Content-Type: application/json' \
  --data '
{
  "domain": "<string>"
}
'

{
  "checks": [
    {}
  ]
}

Runs a series of checks and returns a list of results. With no domain, it checks the widget’s own configuration (status, linked key, domain allowlist). With a domain, it also fetches that page to confirm the embed code is present and inspects the page’s Content-Security-Policy for directives that would block the widget.

Authentication

Requires a Bearer token (API key) or a dashboard session.

Path Parameters

string

required

The widget config UUID.

Request

domain

string

Optional page URL to inspect. When provided, the page is fetched (with SSRF protection) and scanned for the embed snippet and CSP issues.

Response

checks

array

Each check: name, status (pass | fail | warn), message, and an optional fix snippet (e.g., a CSP directive to add to your site).

Example

curl

curl -X POST https://www.hitheo.ai/api/v1/iframes/CONFIG_ID/verify \
  -H "Authorization: Bearer $THEO_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{ "domain": "https://example.com/contact" }'

Release Session

List Guardrail Policies

⌘I

Verify Widget Installation

curl --request POST \
  --url https://api.example.com/api/v1/iframes/{id}/verify \
  --header 'Content-Type: application/json' \
  --data '
{
  "domain": "<string>"
}
'

{
  "checks": [
    {}
  ]
}

​Authentication

​Path Parameters

​Request

​Response

​Example

Authentication

Path Parameters

Request

Response

Example