> ## Documentation Index
> Fetch the complete documentation index at: https://docs.yo-lead.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Create embed session

> Creates a short-lived iframe session for embedding YoLead chat UI in a customer system. Embed sessions expire after 60 minutes.

Required API key scope: `read`.

A `read` key can only receive `showChatsList` and `showChatPage`. A `read-write` key can receive all supported capabilities. If `showChatPage` is requested without `showChatsList`, `chatId` is required.



## OpenAPI

````yaml /openapi/public-api-v1.json post /v1/embed/sessions
openapi: 3.1.0
info:
  title: YoLead Public API
  version: 1.0.0
  description: >-
    Public REST API for YoLead integrations. Only endpoints mounted under /v1
    are included. Management endpoints used by the YoLead UI, including
    /integrations/*, are intentionally excluded.
servers:
  - url: https://api.yo-lead.com
    description: Production
security:
  - YoLeadPublicKey: []
    YoLeadTimestamp: []
    YoLeadSignature: []
tags:
  - name: Employees
    description: Employee data available to integrations.
  - name: Embed
    description: Iframe session creation for embedding YoLead UI.
  - name: Tickets
    description: Ticket history and status operations.
paths:
  /v1/embed/sessions:
    post:
      tags:
        - Embed
      summary: Create embed session
      description: >-
        Creates a short-lived iframe session for embedding YoLead chat UI in a
        customer system. Embed sessions expire after 60 minutes.


        Required API key scope: `read`.


        A `read` key can only receive `showChatsList` and `showChatPage`. A
        `read-write` key can receive all supported capabilities. If
        `showChatPage` is requested without `showChatsList`, `chatId` is
        required.
      operationId: createEmbedSession
      requestBody:
        description: Embed session settings.
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CreateEmbedSessionRequest'
            example:
              employeeId: 64f000000000000000000001
              chatId: 64f000000000000000000002
              capabilities:
                - showChatPage
                - showSendInput
                - showStatusButton
                - showAssigneeButton
      responses:
        '201':
          description: Embed session created.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CreateEmbedSessionResponse'
              example:
                data:
                  iframeUrl: >-
                    https://app.yo-lead.com/embed/chats/64f000000000000000000002#token=eyJ...
                  embedToken: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
                  expiresAt: '2026-05-08T12:00:00.000Z'
                  capabilities:
                    - showChatPage
                    - showSendInput
                    - showStatusButton
                    - showAssigneeButton
                  allowedChatId: 64f000000000000000000002
        '400':
          $ref: '#/components/responses/ValidationError'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '404':
          $ref: '#/components/responses/NotFound'
        '500':
          $ref: '#/components/responses/InternalServerError'
components:
  schemas:
    CreateEmbedSessionRequest:
      type: object
      required:
        - employeeId
        - capabilities
      properties:
        employeeId:
          $ref: '#/components/schemas/ObjectId'
        chatId:
          $ref: '#/components/schemas/ObjectId'
        capabilities:
          type: array
          minItems: 1
          items:
            $ref: '#/components/schemas/EmbedChatCapability'
    CreateEmbedSessionResponse:
      type: object
      additionalProperties: false
      required:
        - data
      properties:
        data:
          $ref: '#/components/schemas/CreateEmbedSession'
    ObjectId:
      type: string
      pattern: ^[0-9a-fA-F]{24}$
      description: MongoDB ObjectId represented as a 24-character hexadecimal string.
      example: 64f000000000000000000001
    EmbedChatCapability:
      type: string
      description: UI/runtime capability granted to the generated iframe session.
      enum:
        - showChatsList
        - showChatPage
        - showSendInput
        - showStatusButton
        - showAssigneeButton
    CreateEmbedSession:
      type: object
      additionalProperties: false
      required:
        - iframeUrl
        - embedToken
        - expiresAt
        - capabilities
      properties:
        iframeUrl:
          type: string
          format: uri
          description: Iframe URL that the customer frontend should embed.
          example: >-
            https://app.yo-lead.com/embed/chats/64f000000000000000000002#token=eyJ...
        embedToken:
          type: string
          description: Short-lived token consumed by the YoLead iframe runtime.
          example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
        expiresAt:
          $ref: '#/components/schemas/IsoDateTime'
          description: Token expiration time. Embed sessions expire after 60 minutes.
        capabilities:
          type: array
          items:
            $ref: '#/components/schemas/EmbedChatCapability'
        allowedChatId:
          $ref: '#/components/schemas/ObjectId'
    ErrorResponse:
      type: object
      additionalProperties: false
      required:
        - code
        - message
      properties:
        code:
          type: integer
          example: 40001
        message:
          type: string
          example: Validation error
    IsoDateTime:
      type: string
      format: date-time
      description: ISO 8601 date-time string.
      example: '2026-05-08T12:00:00.000Z'
  responses:
    ValidationError:
      description: Validation error.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
          example:
            code: 40001
            message: Validation error
    Unauthorized:
      description: Invalid API credentials, stale timestamp, or invalid request signature.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
          example:
            code: 40121
            message: Invalid API credentials
    Forbidden:
      description: API key scope is not sufficient for this operation.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
          example:
            code: 40361
            message: API key scope is not sufficient
    NotFound:
      description: Requested entity was not found or is not accessible for this company.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
          example:
            code: 40471
            message: Ticket not found
    InternalServerError:
      description: Unexpected server error.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
          example:
            code: 50001
            message: Internal server error
  securitySchemes:
    YoLeadPublicKey:
      type: apiKey
      in: header
      name: X-YoLead-Key
      description: Public API key generated in the YoLead UI.
    YoLeadTimestamp:
      type: apiKey
      in: header
      name: X-YoLead-Timestamp
      description: >-
        Unix timestamp in milliseconds. Requests must be signed within a
        5-minute window.
    YoLeadSignature:
      type: apiKey
      in: header
      name: X-YoLead-Signature
      description: >-
        Hex HMAC-SHA256 signature over `<timestamp>.<raw_body>` using the API
        secret.

````