Failed at calling the Embed Viewer endpoint with the embed session token get a 200 response.
I do not want to use the document picker component, so instead I have created a lucidchart document, generated an embedId for the document (confirmed docId is correct) by calling Create Document Embed, then use the embedId in step 2 above when creating the embed session token.
However, I keep getting 404 Not Found when calling Embed Viewer with the embed session token.
Call embed session token with embedId from step 3 to get an embed session token
Call Embed Viewer with embed session token from step 4 and observe a 404.
NOTE I am making the requests from the api docs, not cURL via command line.
Page 1 / 1
Hello Msommer,
I have followed your Steps to reproduce and am getting the same result. Investigating now, and will be in touch soon.
Status Update:
I have been unable to find a cause and have reached out to Senior Engineers for support. I expect that sometime tomorrow we will be able to identify what is causing the failure and provide a ETA when we expect it to be fixed.
Thank you for your patience.
Thanks Michael,
I appreciate the updates!
Msommer,
Can you try again now? I believe we have resolved the issue, but am not absolutely sure its the one affecting you.
Hello Michael,
I am still getting the 404 not found.
Hmmm, very strange. We are getting inconsistent behavior. Continuing my investigations.
Are you now getting the expected results?
One thing to note. For this api call, I am entering a dummy origin parameter.
When I inspect the returned JWT, it looks correct, but would passing the jwt/token to this api with some dummy origin result in a NOT FOUND?
Also, side question about this api. Are there any document side effects associated with this call such as permissions mutations or the doc being published as a result of calling this API for a particular document?
`Not Found` should only be returned if the `document` or the `embed` can not be found. I believe there is an issue with the data-store on our side causing the issue. That is under investigation.
No, there are no side-effects with the calls themselves. Creating an embed and embedding cause no change in permission to the documents in and off themselves. Where you post the embed and what users do on the document in the embed could affect access, but these API calls themselves do not.
Thanks!
Hey Msommer, we believe we have been able to identify the issue. The command listed in the API docs is unfortunately misconfigured and there is a small error in the documentation as well that would have prevented the iframe from working properly. I’ll list out the details of that here while we work on the fixes.
The documentation for the embedded viewer has the iframe’s src parameter wrapped in angle brackets like so
The other issue is in the Try It feature for the embedded viewer documentation. It has the url listed as
https://api.lucid.co/embeds
This is incorrect. It should be the following
https://lucid.app/embeds
For now, I would recommend testing the embed iframe in some form of sandbox environment that lets you add custom html with the fixes I described above instead of the Try It feature in the documentation. Something like W3Schools html sandbox for example.
We are working on fixes to the documentation to remedy those issues. In the meantime, if you run into any additional issues please let us know.
Thanks for the response, this is helpful!
I have been building something in a sandbox environment and will be testing soon.
I would like to confirm the following.
You mention the embed viewer API Try it feature should point to `https://lucid.app/embeds`, is this just for the documentation or should I also be pointing to this endpoint in the application I am building?
The `https://lucid.app/embeds….` is the URI that I would use for both testing and for the application you are building.
There is a long form explanation for this, but the short answer is yes. The other endpoints you listed are correct with regards to their URL. The embedded viewer is a unique case where the `api.lucid.co` URI is not used in favor of the `lucid.app` counterpart.
Please let me know if that answers your question and if you run into any additional issues.
@chasefreeman @Michael B
I finally built a sandbox application that correctly
However when making a GET request to the Embed Viewer endpoint with the embed session token and the modified url of https://lucid.app/embeds I am still getting a 404 not found.
When creating an embed session token, does the origin parameter inform how the embed viewer endpoint behaves? Like if the source making the embed viewer call does not match the origin param, will a 404 be returned?
I am reviewing your post and the logs to help figure out whats happening. I will be in touch.
I still have not found an answer to why you are seeing a 404. For certainty, if you hit the embed route with a fake token, what do you get? An image of me doing it is attached. I expect you would see the same. (Of course, a real token should return the embed)
For your questions:
The “origin” defines what domain is allowed to show your embed. When the embed session token is used to retreive the embed, we will check the host of the request `referrer` header and it must match the “origin” provided when the session token was generated. This prevents attacks where a different site gets the token and tries to render the embed.
Yes, https://lucid.app/embeds is the correct route to retreive the embedded document web component. It is enabled to be wrapped in an iframe.
Thanks @Michael B
I still get a 404 from my sandbox app when using a fake embed token.
From inspecting my token, the scopes are
```
offline_access
user.profile
lucidchart.document.content.share.embed
lucidchart.document.content:readonly
lucidchart.document.app.picker.share.embed
```
And I can share the embedId that I created by calling createEmbed if you would like.
I believe the 404 is being caused by either the host being wrong (lucid.app/embeds) or something in the query parameter string which is malformed and causing our system to not detect which route it is. A 404 is returned before any business logic, so its nothing with the token or embed. The issue must be in the route or parameters. For example, here is what I see if I try “embed” instead of “embeds”
Hey @Michael B
I have resolved my issue. Your comments helped out a lot.
Thanks for all your help!
Fantastic. Glad to hear this is resolved before we get into the holiday window and communication slows down.
Reply
Create an account in the community
A Lucid account is required to interact with the community. You will be redirected to the Lucid app to create an account.
