Embedded Workspaces with Session-Based Access

You can now embed key Meshes workspace pages directly inside your own product with session-based access and an iframe-ready launch flow.

This release adds a new embedded workspace surface for teams that want to expose integrations to their own customers without sending them to a separate admin app. Your backend mints a short-lived session, your frontend mounts the returned launch_url, and the embedded experience handles refresh, navigation, and resizing through a small postMessage contract.

What is included

• Embedded workspace pages for dashboard, connections, rules, events, event detail, and connection mappings
• Session minting and refresh with POST /api/v1/sessions and POST /api/v1/sessions/:sessionId/refresh
• Launch URLs for iframe bootstrap
• Iframe messaging for ready, auth, refresh, expired, navigation, and resize events
• Scoped payload access with the events.payload:read session scope

What this unlocks

• expose customer-specific integration settings inside your own app
• keep access scoped to a single Meshes workspace
• refresh embedded access without remounting the entire iframe
• handle iframe height and token refresh from your host app

Typical integration flow

1. your backend mints a session for the correct workspace
2. your frontend mounts the returned launch_url
3. the iframe sends meshes:ready
4. your frontend sends meshes:auth with the current access_token
5. your frontend refreshes the session when the iframe asks for a new token

Learn more

• Embed overview
• Embed quickstart
• Session API overview
• Iframe message contract