> ## Documentation Index
> Fetch the complete documentation index at: https://docs.vouchmark.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Get embed config

> Fetch the public configuration for a live widget by its embed token.

<Note>
  This is an embed runtime endpoint. It is called by the embedded Vouchmark widget in the applicant's browser, not by your backend. It uses the widget's `token` and does **not** take a `Bearer` token.
</Note>

Returns the public-facing configuration (branding, flow, and modules only) for a widget. The widget must be `live`. If the widget is configured to require signed requests, it cannot be opened via direct link and this endpoint returns an error.

Authenticate with **either** a direct-link token **or** SDK credentials (`widgetId`, `publicKey`, `env`). All SDK values must match the same environment — see [SDK environments](/sdks/overview#environments).

## Query parameters

Use one of the following parameter sets.

### Direct link

<ParamField query="token" type="string">
  The widget's embed link token (`embedLinkToken`, starts with `elt_`). Required when not using SDK credentials.
</ParamField>

### SDK (mobile / web embed)

<ParamField query="widgetId" type="string">
  Widget ID from the dashboard. Required with `publicKey` and `env`.
</ParamField>

<ParamField query="publicKey" type="string">
  Publishable API key: `test_pk_…` (sandbox) or `live_pk_…` (live).
</ParamField>

<ParamField query="env" type="string">
  Widget environment: `sandbox` or `live`. Must match the key prefix and the widget's `environment` field.
</ParamField>

<RequestExample>
  ```bash Direct link theme={null}
  curl "https://api.vouchmark.com/v1/widget/embed/config?token=elt_..."
  ```

  ```bash SDK credentials theme={null}
  curl "https://api.vouchmark.com/v1/widget/embed/config?widgetId=kyb_...&publicKey=test_pk_...&env=sandbox"
  ```
</RequestExample>

<ResponseExample>
  ```json theme={null}
  {
    "success": true,
    "data": {
      "widgetId": "wgt_aBcD...",
      "name": "Acme KYB",
      "status": "live",
      "environment": "live",
      "config": {
        "branding": {
          "brandName": "Acme",
          "logoUrl": "https://example.com/logo.png",
          "accentColor": "#6466AE",
          "cornerRadius": "soft",
          "welcomeTitle": "Verify your business",
          "welcomeMessage": "This takes about 10 minutes.",
          "completionTitle": "All done!",
          "completionMessage": "We'll review within 24 hours.",
          "supportEmail": "support@acme.com"
        },
        "flow": {
          "order": ["business_profile", "cac_verification", "tin_verification"],
          "enableSavedProgress": true,
          "enableResume": true,
          "sessionTimeoutMinutes": 60,
          "successRedirectUrl": "",
          "failureRedirectUrl": "",
          "abandonRedirectUrl": ""
        },
        "modules": {
          "business_profile": { "enabled": true, "required": true },
          "cac_verification": { "enabled": true, "required": true },
          "tin_verification": { "enabled": true, "required": true }
        }
      }
    }
  }
  ```
</ResponseExample>

The public config exposes only the `branding`, `flow`, and `modules` sections — never `security`, `risk`, or `notifications`. Rate limited to 60 requests per minute.
