Provision Users

Cloutly Embed provisioning flow: signed JWT auth and on-the-fly upsert for users and businesses.

This flow is modeled after a provision-first embed architecture: your backend signs a short-lived JWT, Cloutly verifies it, then upserts user and business context automatically before loading the iframe.

Step 1: Obtain your signing key

In the Cloutly platform settings, manually create or retrieve your embed signing key.

Keep this key server-side only. Never expose it in browser code.

Step 2: Generate a short-lived JWT on your backend

Use your signing key to create a JWT that includes identity and business context.

Required claims

{
  "externalUserEmail": "[email protected]",
  "externalBusinessId": "biz_123",
  "businessDisplayName": "Acme Plumbing - Gold Coast",
  "firstName": "Jane",
  "lastName": "Smith",
  "role": "ADMIN",
  "smsLimits": 500,
  "iat": 1735689600,
  "exp": 1735689900
}

Claim notes

  • externalUserEmail is used to upsert the user.

  • externalBusinessId is used to upsert the business.

  • businessDisplayName is used for readable business labels in UI.

  • role controls access inside the embed session.

  • smsLimits sets available SMS capacity for this business context.

  • Use short TTLs for exp and issue tokens per active session.

Step 3: Pass token into iframe session

Your frontend requests a token from your backend, then appends it to the embed URL as a session bootstrap token.
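Added example, not Cloutly's own code: minting the Step 2 token on the backend with Python's standard library, plus a local check of what a verifier enforces (signature, then expiry). Assumptions: HS256 as the signing algorithm (the page does not name one), a 300-second TTL cap matching the sample iat/exp above, and the hypothetical names mint_embed_token, verify_embed_token, SAMPLE_KEY and SAMPLE_CLAIMS.

```python
import base64, hashlib, hmac, json, time

REQUIRED = ("externalUserEmail", "externalBusinessId", "businessDisplayName",
            "firstName", "lastName", "role", "smsLimits")
MAX_TTL = 300  # seconds; the window between iat and exp in the page's sample claims

def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mint_embed_token(signing_key: bytes, claims: dict, ttl: int = MAX_TTL, now=None) -> str:
    """Sign the provisioning claims as a compact JWT (HS256 is an assumption)."""
    missing = [name for name in REQUIRED if name not in claims]
    if missing:
        raise ValueError(f"missing required claims: {missing}")
    if not 0 < ttl <= MAX_TTL:
        raise ValueError("ttl must be short-lived")
    iat = int(time.time() if now is None else now)
    payload = {**claims, "iat": iat, "exp": iat + ttl}  # server sets iat/exp itself
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(_b64url(json.dumps(part, separators=(",", ":")).encode())
                             for part in (header, payload))
    sig = hmac.new(signing_key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"

def verify_embed_token(signing_key: bytes, token: str, now=None) -> dict:
    """Local round-trip check: constant-time signature compare, then expiry."""
    signing_input, _, sig = token.rpartition(".")
    expected = hmac.new(signing_key, signing_input.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        raise ValueError("bad signature")
    payload = json.loads(_b64url_decode(signing_input.split(".")[1]))
    if (time.time() if now is None else now) >= payload["exp"]:
        raise ValueError("token expired")
    return payload

# Constructed sample input; a real key is loaded from a server-side secret store.
SAMPLE_KEY = b"constructed-demo-key-not-a-real-secret"
SAMPLE_CLAIMS = {
    "externalUserEmail": "jane.smith@example.com", "externalBusinessId": "biz_123",
    "businessDisplayName": "Acme Plumbing - Gold Coast", "firstName": "Jane",
    "lastName": "Smith", "role": "ADMIN", "smsLimits": 500,
}
```

Because the backend sets iat and exp itself and rejects long TTLs, a caller cannot request a long-lived token by passing its own timestamps in the claims.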
