Skip to main content
The HTML SDK is a lightweight script that exposes a global Vouchmark object. Use it when you don’t have a framework or want the simplest possible integration.

Installation

Add the script to your page’s <head> or before the closing </body>:
<script src="https://js.vouchmark.com/v1/vouchmark.js" async></script>
The script is ~12 KB gzipped and loads asynchronously so it won’t block rendering.

Quick start

<button id="start-kyb">Verify your business</button>

<script>
  document.getElementById("start-kyb").addEventListener("click", function () {
    Vouchmark.open({
      widgetId: "wgt_your_widget_id",
      publicKey: "live_pk_your_public_key",
      environment: "live",
      applicant: {
        email: "applicant@example.com",
        businessName: "Acme Ltd",
        registrationNumber: "RC123456",
      },
      onSuccess: function (applicant) {
        console.log("Approved:", applicant.id, applicant.riskScore);
      },
      onAbandon: function () {
        console.log("Applicant closed the widget");
      },
      onError: function (error) {
        console.error("Widget error:", error.code, error.message);
      },
    });
  });
</script>

Configuration options

ParameterTypeRequiredDescription
widgetIdstringYesThe widget ID from your dashboard. Must match the widget’s environment.
publicKeystringYesPublishable key: test_pk_… (sandbox) or live_pk_… (live).
environment"sandbox" | "live"Yes"sandbox" with test_pk_…, "live" with live_pk_…. Must match the widget ID. See Environments.
applicantobjectNoPre-fill applicant details (email, businessName, registrationNumber, phone, tin, jurisdiction, industry).
referenceIdstringNoYour internal reference to link this session to your system.
sessionTokenstringNoServer-generated signed token (required when requireSignedRequests is enabled).
localestringNoUI language. Default "en".
onSuccessfunctionNoCalled when the applicant is approved. Receives the applicant object.
onAbandonfunctionNoCalled when the user closes the widget without completing.
onErrorfunctionNoCalled on unrecoverable errors. Receives { code, message }.
onStepCompletedfunctionNoCalled after each module completes. Receives { moduleId, status }.
onReadyfunctionNoCalled when the widget iframe has loaded and is ready.

Methods

Vouchmark.open(config)

Opens the widget overlay. If the widget is already open, this is a no-op.

Vouchmark.close()

Programmatically closes the widget. Triggers onAbandon if the flow was not yet complete.

Vouchmark.isReady()

Returns true once the script has loaded and is ready to open.

Signed sessions (optional)

If you enabled Require signed requests in the widget security settings, you must generate a sessionToken on your server before opening the widget:
// Server-side (Node.js example)
import { Vouchmark } from "@vouchmark/node";

const vouchmark = new Vouchmark({ secretKey: process.env.VOUCHMARK_SECRET_KEY });

const session = await vouchmark.sessions.create({
  widgetId: "wgt_your_widget_id",
  environment: "live",
  applicant: { email: "applicant@example.com" },
});

// Return session.token to the client
Then pass it client-side:
<script>
  Vouchmark.open({
    widgetId: "wgt_your_widget_id",
    publicKey: "live_pk_your_public_key",
    environment: "live",
    sessionToken: "sess_signed_token_from_server",
    onSuccess: function (applicant) { /* ... */ },
  });
</script>

Content Security Policy

If your site uses a strict CSP, add these directives:
script-src 'self' https://js.vouchmark.com;
frame-src 'self' https://widget.vouchmark.com;
connect-src 'self' https://api.vouchmark.com;

Browser support

The widget supports all modern browsers (Chrome, Firefox, Safari, Edge) and degrades gracefully on older browsers. IE11 is not supported.