> ## Documentation Index
> Fetch the complete documentation index at: https://docs.hitheo.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Verify Widget Installation

> Run pre-flight checks on a widget's configuration and (optionally) a live page.

Runs a series of checks and returns a list of results. With no `domain`, it checks the widget's own configuration (status, linked key, domain allowlist). With a `domain`, it also fetches that page to confirm the embed code is present and inspects the page's `Content-Security-Policy` for directives that would block the widget.

## Authentication

Requires a Bearer token (API key) or a dashboard session.

## Path Parameters

<ParamField path="id" type="string" required>
  The widget config UUID.
</ParamField>

## Request

<ParamField body="domain" type="string">
  Optional page URL to inspect. When provided, the page is fetched (with SSRF protection) and scanned for the embed snippet and CSP issues.
</ParamField>

## Response

<ResponseField name="checks" type="array">
  Each check: `name`, `status` (`pass` | `fail` | `warn`), `message`, and an optional `fix` snippet (e.g., a CSP directive to add to your site).
</ResponseField>

## Example

```bash curl theme={null}
curl -X POST https://www.hitheo.ai/api/v1/iframes/CONFIG_ID/verify \
  -H "Authorization: Bearer $THEO_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{ "domain": "https://example.com/contact" }'
```
