Use the Web SDK when Link should run inside your browser application. The Web SDK supports callbacks and frontend control over when Link opens and closes.
If you need iframe isolation, use the Web SDK with connectUrl instead of loading Hosted Link inside an iframe. Hosted Link is intended to be launched directly.
User tokens and session links both expire after one hour. Create a fresh user token before initializing Link with userToken, or create a new session link for an active verification before initializing Link with connectUrl.
Before you start
- When using a webview component, make sure
localStorage is enabled, domStorageEnabled is set to true, and incognito is set to false.
- If your security policy limits outgoing traffic, allow Link API calls by whitelisting outgoing traffic from Link with these content sources at minimum:
<meta http-equiv="Content-Security-Policy" content="connect-src https://*.argyle.com; worker-src 'self' blob:" />
Initialize with userToken
Use this path for direct embedded Link implementations that use user tokens.
Create a user token on your server:
- New users: create the user via
POST /v2/users and use the returned user_token.
- Returning users: create a new token via
POST /v2/user-tokens and use the returned user_token.
Initialize Link with the Web SDK:
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" />
<!-- This is needed in order to apply proper scaling on mobile devices -->
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" />
</head>
<body>
<script src="https://plugin.argyle.com/argyle.web.v5.js"></script>
<script type="text/javascript">
const linkInstance = Argyle.create({
userToken: 'USER_TOKEN',
sandbox: true, // Set to false for production environment.
// (Optional) Add a Link flow customization created in Console:
// flowId: '<ID of the Link flow>',
// (Optional) Limit Link search to specific Items:
// items: ['item_000000001', 'item_000000002'],
// (Optional) Connect directly to an existing account:
// accountId: '<ID of the account>',
// (Optional) Set a language. Options: EN, ES, RU, ZH
// language: 'EN',
// (Optional) A few recommended callbacks:
onAccountConnected: payload => console.log('onAccountConnected', payload),
onAccountError: payload => console.log('onAccountError', payload),
onTokenExpired: updateToken => {
console.log('onTokenExpired')
// Generate a new user token.
// updateToken(newToken)
}
})
linkInstance.open()
// linkInstance.close() // Manually close Link (typically the user closes Link).
</script>
</body>
</html>
Initialize with connectUrl
Use this path when your backend creates a verification session.
- Create a session via
POST /v2/sessions.
- Copy the response
link.
- Pass that value as
connectUrl in your Web SDK initialization.
The session URL already determines whether Link runs in Sandbox or Production. Do not pass sandbox with connectUrl.
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" />
<!-- This is needed in order to apply proper scaling on mobile devices -->
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" />
</head>
<body>
<script src="https://plugin.argyle.com/argyle.web.v5.js"></script>
<script type="text/javascript">
const linkInstance = Argyle.create({
connectUrl: 'SESSION_LINK',
// (Optional) A few recommended callbacks:
onAccountConnected: payload => console.log('onAccountConnected', payload),
onAccountError: payload => console.log('onAccountError', payload)
})
linkInstance.open()
// linkInstance.close() // Manually close Link (typically the user closes Link).
</script>
</body>
</html>
Track Link activity
Embedded Web Link supports callbacks, including onAccountConnected, onAccountError, onClose, and onTokenExpired.
For verification workflows, also subscribe to verifications.updated webhooks so your backend can track the verification lifecycle. 
