Getting started

In this article:

What you get

The Embedded App SDK has a robust window.postMessage API that provides:

  • Custom modal windows
  • Alert, confirm and input dialogs
  • Top bar with icon, breadcrumbs, buttons, pagination and dropdown menus
  • Flash messages

Enabling the Embedded App SDK

First, follow the Getting Started guide to create a development shop and an app.

Once you have a Partner account and an app, in your Partners dashboard, find the section titled "Embedded settings" and select the "Enabled" radio button.



Enabling this for existing apps that are not designed to use the SDK will result in users being unable to use your app. Once enabled, haravan will attempt to load your app inside an iframe.

HTTPS, SSL Certificates and mixed content restrictions

The haravan Admin uses HTTPS for all pages. Mixed content restrictions in web browsers requires all embedded applications to also run on HTTPS.

Publishing an embedded app in the App Store requires the app to have an SSL certificate. Failure to use SSL when running an embedded app will cause errors in web browsers, due to mixed content restrictions.


Developing locally without an SSL certificate can be done simply by many browsers by "allowing un-safe scripts" or disabling mixed content restrictions.


OAuth will behave normally in your app, as it would for any other haravan apps or other OAuth enabled services with one caveat:

Since the application is loaded inside an iframe it is critical that the initial OAuth request redirect escapes the iframe to make the requests. haravan returns the X-Frame-Options=DENY header and prevents any haravan admin pages from being loaded inside an iframe.

This means that where the OAuth process would normally begin with:

redirect_to "/auth/haravan?shop=myshopname"

It should now return a page containing:

<script type='text/javascript'> = '/auth/haravan?shop=myshopname';


The above example assumes you're using the haravan Omniauth gem. If not, replace /auth/haravan with the supported endpoint.

Read more about how to use OAuth with haravan ›

Haravan - Công ty công nghệ cung cấp giải pháp kinh doanh thương mại điện tử, duy nhất tại Việt Nam được Google lựa chọn vào chương trình bệ phóng tiềm năng với hỗ trợ và đào tạo công nghệ để vươn ra thị trường quốc tế vững chắc.