JavaScript SDK
Components
Iframes
Most of the ZeroKit JavaScript code runs inside iframes hosted on the Tenant Server. This separates security-critical data, such as keys and authentication information, from the application and protects against certain XSS attacks. The separation is not enforced only at the JavaScript level: because the code runs inside an iframe hosted on a different domain, the browser itself enforces it. No code running in the application can access keys or other data inside the iframe, and the application itself cannot accidentally leak or upload them.
The iframes that have a user interface can all be customized by providing your own CSS files, and they all provide a common set of customization methods, described in Customization.
SDK
The SDK itself is a fairly small script hosted on the Tenant Server. It handles loading the iframes, communicating with them through messages, and checking the origin of every message to increase security. Every operation is asynchronous and returns a promise, so it won't block the UI.
Setup
Setting up the SDK is an easy three-step process:
- Load the JavaScript file from the provided URL (see the example below). You may need to modify the version number later. This will inject zkit_sdk into the global namespace.
- Configure the SDK by calling the setup method (see the example below). The first argument is the origin of your tenant. The second is the path to your tenant. You can get both by splitting the service URL shown on the management portal. Note that neither parameter ends with '/'.
- The iframe will be loaded asynchronously before the first call.
<script src="${serviceUrl}/static/v4/zkit-sdk.js"></script>
zkaas_sdk.setup(`${serviceUrl}`);
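The following is an added example, not code from the ZeroKit SDK: it shows one way to split a service URL into the origin and path described in the setup steps, and the kind of exact origin check on iframe messages that the SDK section describes. All function names and the sample URL are hypothetical, and it assumes the tenant is served over HTTPS.

```javascript
// Added illustration, not ZeroKit SDK code. All function names are hypothetical.

// Split a service URL into the tenant origin and the tenant path,
// neither of which ends in '/'.
function splitServiceUrl(serviceUrl) {
  const u = new URL(serviceUrl);
  // Assumption: the tenant is served over HTTPS.
  if (u.protocol !== 'https:') throw new Error('service URL must use https');
  if (u.search || u.hash || u.username || u.password) {
    throw new Error('service URL must not carry credentials, query or fragment');
  }
  return { origin: u.origin, path: u.pathname.replace(/\/+$/, '') };
}

// Receiving side: accept a 'message' event only when it comes from the
// tenant origin AND from the iframe window the page created.
// In a browser: window.addEventListener('message', handler).
function makeMessageHandler(tenantOrigin, iframeWindow, onMessage) {
  return function handle(event) {
    // Exact comparison. A prefix or substring test would also accept
    // look-alike origins that merely start with the tenant host name.
    if (event.origin !== tenantOrigin) return false;
    if (event.source !== iframeWindow) return false;
    onMessage(event.data);
    return true;
  };
}

// Sending side: always name the target origin, never '*', so the browser
// drops the message if the iframe no longer shows the tenant's page.
function sendToTenant(iframeWindow, tenantOrigin, message) {
  iframeWindow.postMessage(message, tenantOrigin);
}

// Constructed sample value, for demonstration only.
const demo = splitServiceUrl('https://host-example.tenant.test/tenant-abc123/');
console.log(demo.origin, demo.path);
```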