Skip to main content

Overview

The ZBD Widget is an embeddable iframe that handles the full cashout flow for your users — identity verification (KYC), bank account linking (Plaid), and ACH payouts. Your backend handles user creation, session minting, and balance funding; the widget handles everything else.

Prerequisites

Before integrating:
  1. Make sure you already have a ZBD Developer Dashboard account and a project.
  2. Copy the project API key from the project’s API section.
  3. Open the Widget tab in the Developer Dashboard to configure sandbox balance and webhook settings.
  4. If the Widget tab is not available yet, contact ZBD support to enable it for your project.
After that, fund the sandbox account before you try to cash out.

Quick Start

To get sandbox running quickly, start with the sandbox guide:
  1. Create a sandbox user.
  2. Fund the sandbox user.
  3. Create a widget session.
  4. Embed the returned widget_url in your frontend.
  5. Listen for widget events and webhook deliveries.

Integration Flow

Use POST /api/v1/widget/users/deplete when your server needs to debit points back from a widget user’s point balance.

Events

The ZBD Widget emits browser events to your frontend and server webhooks to your backend.

Browser Events

Handle iframe callbacks in your frontend.

Server Webhooks

Process signed backend webhook deliveries.

Authentication

Widget endpoints use two auth patterns:
Never expose your publisher API key in the browser. Steps 1–3 must happen on your server.

Embedding the Widget

After creating a session, load the returned widget_url in your client. Your backend should create the session; your game or web client only receives the widget_url.
Allow document downloads. The widget lets users download documents (disclosure PDFs, cashout receipts/statements). Browsers only permit a framed page to start a download if the iframe explicitly allows it. If you apply a sandbox attribute — as in the example above — it must include allow-downloads (alongside allow-scripts allow-same-origin allow-forms allow-popups). Without allow-downloads, the browser blocks the in-frame download and the widget falls back to opening the document in a new browser tab. If you do not set a sandbox attribute at all, downloads work by default.

Embed Parameters

Pass these as URL query parameters on the widget URL: