Skip to main content
POST
/
v1
/
embed
/
sessions
Mint an embed session
curl --request POST \
  --url https://api.craftkit.dev/v1/embed/sessions \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "tenant": {
    "externalId": "org_123",
    "displayName": "Acme Corp"
  },
  "actor": {
    "externalId": "user_456",
    "displayName": "Jane Doe",
    "email": "jane@example.com"
  },
  "scope": {
    "mode": "edit",
    "templateExternalId": "7c9f0b2e-2b1a-4f3d-9c8e-1a2b3c4d5e6f"
  }
}
'
{
  "session_id": "1d2c3b4a-5e6f-7081-92a3-b4c5d6e7f809",
  "session_token": "eyJhbGciOiJFZERTQSJ9...",
  "iframe_url": "https://embed.craftkit.dev/builder?session=...",
  "expires_at": "2026-06-21T11:00:00.000Z",
  "renew_token": "rt_abc123"
}

Authorizations

Authorization
string
header
required

Project API key (ck_live_… or ck_test_…) presented as a bearer token. For embed partner endpoints this is the partner secret key, which is the same credential type.

Body

application/json
tenant
object
required
actor
object
required
scope
object
variableCatalog
object
catalogRef
object
permissions
object
permissionsPreset
string
Maximum string length: 60
branding
object
appearance
object
callbacks
object
limits
object
form
object

Response

Session minted.

snake_case response from session mint/refresh.

session_id
string<uuid>
required
session_token
string
required
iframe_url
string<uri>
required
expires_at
string<date-time>
required
renew_token
string
required