Skip to main content
Capabilities are UI/runtime flags for the embedded YoLead interface. The backend still validates access and state before allowing any action.
Capabilities control iframe UI features. They do not replace API key scope checks, employee access checks, chat access checks, or ticket state validation.
Supported capabilities:
CapabilityEffectScope
showChatsListAllows the iframe to show the chats list and open chat pages from that list.read, read-write
showChatPageAllows the iframe to show a specific chat page.read, read-write
showSendInputAllows message input to be shown.read-write
showStatusButtonAllows ticket status controls to be shown.read-write
showAssigneeButtonAllows assignee controls to be shown.read-write
Scope limits:
API key scopeAllowed capabilities
readshowChatsList, showChatPage
read-writeAll capabilities
If showChatPage is requested without showChatsList, chatId is required. If a read key requests write capabilities, YoLead silently removes those capabilities from the effective session. The response capabilities field shows what was actually granted. If no view capability remains after filtering, session creation fails.

View capabilities

At least one view capability must be enabled:
  • showChatsList
  • showChatPage
Without a view capability, the iframe has no screen to render and session creation fails.

Single-chat restriction

When showChatPage is used without showChatsList, the session must be tied to a specific chatId. In that case, the response includes allowedChatId, and the iframe token is scoped to that chat.