
Member Portal Embed

Embed the SocialHub loyalty member portal directly into your own website — with single sign-on. Logged-in visitors see their points, coupons, and tier inside an iframe, with no second login.

Your backend signs a short-lived JWT (HS256) carrying the user's email; the SDK inserts an iframe, and SocialHub verifies the token and bridges it to a member session. Sessions use a bearer token (no cookies), so third-party cookie blocking does not break the embed.

Overview

How it works

  1. Register an embed client

     In SocialHub, register a client for your site. SocialHub mints a public client_id and a one-time shared secret (shown only once). The secret lives only on your backend.

  2. Sign a short-lived JWT on your backend

     After a user logs into your site, sign a ≤5-minute HS256 JWT with the shared secret, carrying the user's email (iss = client_id). The secret must never reach the browser.

  3. Drop the SDK script on your page

     Add the <script> tag with data-token set to the JWT. The SDK builds the iframe and auto-resizes it to its content; SocialHub verifies the token and bridges it to a member session.

Register your client in the app

The live, interactive embed configurator runs inside SocialHub — it needs you signed in to your team. There it registers an embed client and generates the signed snippet for you: your client_id and a one-time shared secret. The secret is displayed only once, so store it in your backend immediately. This page is the static reference; the configurator does the real setup.

Where do client_id and the secret come from?

From the in-app configurator — SocialHub generates both. The shared secret signs your embed JWTs and is separate from your REST API keys and from SocialHub's own session secret. Each client has its own secret, so a leak is isolated to one site.

Set up the embed in SocialHub

1. Drop the SDK on your page

Paste the snippet the configurator generates — it looks like this. Optional attributes: data-base-url (default https://flash.socialhub.ai), data-min-height (default 600).

<div id="flash-loyalty"></div>
<script src="https://flash.socialhub.ai/sdk/flash-portal.js"
        data-token="<JWT signed by your backend>"
        data-target="#flash-loyalty"></script>

2. Sign the JWT on your backend

The JWT must be signed on your backend — the shared secret must never reach the browser. Tokens are short-lived and single-use.

Node.js

import jwt from "jsonwebtoken";

const token = jwt.sign(
  {
    email: user.email,
    name: user.name,
    marketing_consent: user.optedInMarketing === true,
  },
  process.env.FLASH_EMBED_SECRET,           // your shared_secret
  { algorithm: "HS256", issuer: "<client_id>", expiresIn: "5m" }
);
// Render `token` into the script tag's data-token, or hand it
// to the browser via your own endpoint.
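
PHP (firebase/php-jwt)

// Composer autoloader, needed to load firebase/php-jwt.
require 'vendor/autoload.php';

use Firebase\JWT\JWT;

// $sharedSecret is your shared_secret, loaded from backend configuration.
$token = JWT::encode([
  "iss" => "<client_id>",
  "email" => $user->email,
  "name" => $user->name,
  "marketing_consent" => false,
  "iat" => time(),
  "exp" => time() + 300,   // 5-minute lifetime
], $sharedSecret, "HS256");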
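
A pre-flight check for the signing step above, as an added example that is not SocialHub's or this page's own code: it mints a token with Node's built-in crypto and confirms it meets the constraints stated here (HS256, iss = client_id, an email claim, a lifetime of at most 5 minutes). The names signEmbedToken and checkEmbedToken and the sample values are hypothetical; how SocialHub itself validates tokens is not documented on this page.

```javascript
const crypto = require("node:crypto");

const b64url = (s) => Buffer.from(s).toString("base64url");
const hmac = (secret, data) => crypto.createHmac("sha256", secret).update(data).digest();

// Hypothetical helper: mint an HS256 JWT with the claims the page names.
function signEmbedToken(claims, secret, clientId, ttlSeconds = 300, now = Date.now()) {
  const iat = Math.floor(now / 1000);
  const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const payload = b64url(JSON.stringify({ ...claims, iss: clientId, iat, exp: iat + ttlSeconds }));
  return `${header}.${payload}.${hmac(secret, `${header}.${payload}`).toString("base64url")}`;
}

// Hypothetical pre-flight check for your own tests: returns a list of problems.
function checkEmbedToken(token, secret, clientId, now = Date.now()) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return ["not a three-part JWT"];
  const [h, p, s] = parts;
  let header, payload;
  try {
    header = JSON.parse(Buffer.from(h, "base64url").toString("utf8"));
    payload = JSON.parse(Buffer.from(p, "base64url").toString("utf8"));
  } catch {
    return ["header or payload is not valid JSON"];
  }
  if (!header || !payload || typeof header !== "object" || typeof payload !== "object")
    return ["header or payload is not a JSON object"];
  const problems = [];
  // Pin the algorithm: a token declaring anything but HS256 is flagged.
  if (header.alg !== "HS256") problems.push(`alg must be HS256, got ${header.alg}`);
  // Constant-time comparison of the recomputed HMAC against the presented one.
  const expected = hmac(secret, `${h}.${p}`);
  const given = Buffer.from(s, "base64url");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected))
    problems.push("signature does not match the shared secret");
  if (payload.iss !== clientId) problems.push("iss is not the client_id");
  if (typeof payload.email !== "string" || !payload.email.includes("@"))
    problems.push("email claim missing or malformed");
  const nowSec = Math.floor(now / 1000);
  if (!Number.isInteger(payload.exp) || payload.exp <= nowSec)
    problems.push("exp missing or already expired");
  else if (payload.exp - (Number.isInteger(payload.iat) ? payload.iat : nowSec) > 300)
    problems.push("lifetime exceeds 5 minutes");
  return problems;
}

// Constructed sample values, not real credentials.
const demoToken = signEmbedToken({ email: "ada@example.com" }, "constructed-secret", "client_demo");
console.log(checkEmbedToken(demoToken, "constructed-secret", "client_demo")); // []
```

Run checkEmbedToken against whatever your real signing code emits (jsonwebtoken or firebase/php-jwt output included) in a unit test, so a configuration change that lengthens the lifetime or drops a claim fails the build.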

Ready to go live?

Register your embed client and grab your real client_id and shared secret in the SocialHub configurator, then paste the generated snippet above.