Integration GuideAPI Reference
Integration Guide
  1. Checkout Form

Iframe embedding

Render the hosted checkout form inside your page and listen to postMessage events to drive your own UX.

Before you start

โš ๏ธ

Origin allow-list required

By default the checkout responds with Unauthorized โ€” this page cannot be embedded from this origin when loaded inside an <iframe>. Send us the origin (or list of origins) you plan to embed from and we'll allow them.

๐Ÿ“˜

Same customization as the standalone checkout

Form appearance, locale, payment methods and branding are configured the same way as the standalone checkout โ€” see Hosted Checkout customization.

Embedding

<iframe
  src="https://checkout.carusell.world/s/{sessionId}"
  width="100%"
  height="720">
</iframe>

Inside an iframe:

  • All outbound links open in a new tab.
  • The Back to store button emits a postMessage instead of navigating.

Listening to events

The iframe posts messages to the parent window. PaymentInfo (used as payload by several events):

{
  paymentMethod: CARD,
  paymentId: string,
  paymentStatus: AUTHORIZED,
}

Events

Every event carries sessionId and intentId at the top level. Only payload varies between events.

typesessionIdintentIdpayloadFires when
SESSION_METADATA_SENTโœ“โœ“โ€”The iframe is ready โ€” use as a handshake.
CHECKOUT_LOADEDโœ“โœ“โ€”The form has rendered and is interactive.

Updated 39 minutes ago