Configuration
Complete reference for widget tags, HTML attributes, DOM events, and the JavaScript API.
Widget Tags
Each widget type has its own custom element tag. Use the tag that matches the experience you want to embed.
| Tag | Widget Type |
|---|---|
| <rai-store-widget> | store |
| <rai-channel-widget> | channel |
| <rai-milestone-widget> | milestone |
| <rai-social-widget> | social |
| <rai-currency-widget> | currency-view |
| <rai-referral-widget> | referral-conditions |
| <rai-custom-widget> | custom |
Attributes
All attributes are set as HTML attributes on the widget tag. Boolean attributes are enabled when present.
| Attribute | Type | Default | Description |
|---|---|---|---|
| community-id | string | - | Required for non-custom widgets. Your community ID from Community Settings. Custom widgets use widget-id instead of community-id. |
| widget-id | string | - | Required for custom widgets only. Base64-encoded CustomWidget identifier from the admin panel. For <rai-custom-widget>, use this instead of community-id. |
| channel-id | string | - | Required for channel widgets. The channel ID to display. |
| widget-type | string | Inferred from tag | Widget type override. Usually inferred automatically from the tag name. |
| theme | "light" | "dark" | "light" | Visual theme. Applies to the widget chrome and iframe content. |
| width | string | "100%" | CSS width of the widget container. |
| height | string | "600px" | CSS height of the widget container. |
| api-url | string | Production widget API | Optional override for the widget API base URL. Current SDK builds default to Returning.AI production, so only set this for staging, private environments, or an explicit migration plan. |
| widget-url | string | Production widget frontend | Optional override for iframe mode. Base URL for the hosted widget frontend. Not needed in bundle mode unless Returning.AI gives you a custom iframe host. |
| v2-api-url | string | Production V2 API | Optional override for the V2 API (https://api-v2.returning.ai in production). Access Key Embed uses this host to call /v2/api/widget-access-keys/validate and verify the embed-token on load. |
| domain-key | string | Production default | Optional environment hint consumed by bundle mode. Set to PROD only when Returning.AI gives you an explicit multi-environment setup or older SDK compatibility requirement. Current production SDK embeds resolve the Returning.AI production hosts without requiring this attribute. Production deployments normally use prod-widgets.returning.ai. |
| auto-refresh | boolean | true | Auto-refresh access tokens for the legacy auth-url flow. No effect when embed-token is set - your app refreshes Access Key Embed by fetching a new token and updating the attribute. The SDK watches this attribute (added in 1.4.2); use the current release 1.5.1. It observes embed-token changes; call reload() as a fallback for older builds. See rai-error in DOM Events below. |
| debug | boolean | false | Verbose console logging. |
| eager | boolean | false | Load immediately instead of waiting until visible. |
| locale | string | "en" | BCP 47 locale tag (e.g. fr-FR). Controls widget text and number formatting. |
| max-retries | number | 3 | Maximum number of auth retry attempts on failure. |
| retry-delay | number | 500 | Milliseconds to wait between retry attempts. |
| height-debounce | number | 100 | Debounce interval (ms) for auto-height resize messages. |
| storage-prefix | string | "returning-ai-widget" | Prefix for localStorage keys used by the widget. Primarily applies to iframe / legacy auth-url flows which store refresh tokens locally. Access Key Embed does not store the embed-token itself - see Architecture > Token Storage for the full picture. |
| retry-label | string | "Retry" | Label text for the retry button shown on auth errors. |
| custom-data | string (JSON) | - | JSON object forwarded to the widget. Pass as a JSON-encoded string attribute. |
| embed-token | string | - | Short-lived gate token from the Access Key API. The SDK validates it before continuing auth startup, then uses the signed user identifier claims from the token. This is the only browser-visible auth field recommended for backend-capable integrations. |
| bundle-url | string | - | URL for the widget bundle JS. When set, enables bundle mode (light DOM rendering, no iframe). |
| auth-url | string | - | (Legacy) URL for token authentication. Use embed-token instead for new integrations. |
| data-widget-id | string | - | Your widget ID (pre-encoded, from dashboard). Required for script-tag embed. Set as a data-* attribute on the SDK script tag. |
| data-widget-type | string | - | Widget type for script-tag embed: store, channel, milestone, social, currency-view, referral-conditions, custom. Required for script-tag embed. |
| data-email | string | - | Legacy attribute-auth identifier. Prefer a stable field like data-customer-id when you can instead of exposing email in the browser. |
| data-user-id | string | - | Legacy attribute-auth identifier. Acceptable if it already exists in your platform and you do not have a better broker-owned customer ID. |
| data-user-objectid | string | - | Legacy attribute-auth identifier. Only use if you already persist the Returning.AI-side user object ID and explicitly want to expose it in the browser. |
| data-username | string | - | Legacy attribute-auth field. Do not treat display names as your primary secure identifier. |
DOM Events
Widgets dispatch custom DOM events that bubble up from the element. Listen with addEventListener or framework equivalents.
| Event | Detail Payload | Fires When |
|---|---|---|
| rai-authenticated | {} | Auth flow completes successfully. |
| rai-ready | {} | Widget iframe has loaded and is interactive. |
| rai-error | { message: string } | An auth or loading error occurs. |
| rai-logout | {} | The user session is cleared (token expired or manual logout). |
| rai-mounted | {} | Widget has mounted into the DOM (bundle mode only). Equivalent of rai-ready for iframe mode. |
| rai-height-change | { height: number } | Widget content height changes (for auto-sizing containers). |
Public API
The SDK exposes a global object for imperative control. Use it to programmatically reload auth, log out, or inspect authentication state.
// Access the global API
const widget = window.ReturningAIWidget
// SDK version
widget.version // current SDK version
// Re-run the auth flow (e.g. after user logs in on your side)
await widget.reload()
// Clear tokens and remove the iframe
await widget.logout()
// Check authentication state
widget.isAuthenticated() // boolean
// Inspect token metadata (no raw token values exposed)
widget.getTokenInfo()Store callbacks (SDK 1.5.0+)
Store and custom-store widgets can ask your page for purchase field options at runtime. Use callbackFieldOptions when the selectable values must come from the broker's backend.
const widget = document.querySelector('rai-store-widget')
widget.registerCallback('callbackFieldOptions', async (payload) => {
const response = await fetch('/api/returningai/store-field-options', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify(payload),
})
return response.json() // { fieldOptions, signature }
})
widget.lockCallbacks()Register callbacks on each widget element before calling widget.lockCallbacks(). The browser callback calls your backend, and your backend returns { fieldOptions, signature }. Mint the signature server-side - never call the ReturningAI callback-signature endpoint from browser code. This works in iframe and bundle mode. The SDK exports TypeScript types for payloads, results, and callbacks: StoreCallbackFieldOptionsPayload, StoreCallbackFieldOptionsResult, and ReturningAIStoreCallbackFieldOptionsCallback.