Skip to main content@qonto/embed-sdk / <internal> / ClientOperationSettings
Interface: ClientOperationSettings
Client-side operation settings that enforce proxy-based authentication.
These settings are designed for browser environments where direct access
to authentication tokens should be avoided for security reasons.
Properties
accessToken?
optional accessToken: undefined
Server-only properties are explicitly excluded from client settings.
Use @qonto/embed-sdk/{namespace}/server for server-side operations.
debugMode?
optional debugMode: boolean
Whether to enable debug mode for the SDK. If not provided, the SDK will
default to false.
If debug mode is enabled, it will print extra logging to the console
during the execution of the SDK functions in which an iframe is involved.
idempotencyKey?
optional idempotencyKey: string
Optional idempotency key to use for the operation. If not provided, the
SDK will generate a random key for the functions that require it.
locale?
optional locale: string
The locale to use for the SDK. This is optional, and if not provided, it will
default to English. Setting the locale will make the SDK render its UI in the
specified language.
mfaPreference?
optional mfaPreference: string
The Multifactor Authentication (MFA) preference to use for the operations.
This can be either MFA_METHODS.PASSKEY, MFA_METHODS.PAIRED_DEVICE or
MFA_METHODS.SMS_OTP. If not provided, the SDK will default to ‘PASSKEY’.
optional paginationSettings: PaginationSettings
Optional pagination settings to use for the operation. If the called function
is not subject to pagination, this parameter will be ignored.
proxyEndpointDescriptor?
optional proxyEndpointDescriptor: ProxyEndpointDescriptor
proxyEndpointDescriptor is a mechanism to avoid operating with sensitive
information, like the access token and the staging token, in client side
environments. Using them in client side could lead to data leak. It works as
follows:
Qonto Embed exposes a proxy endpoint in its API that is capable of getting
requests prepared by the SDK. In your web application, you must implement a
backend endpoint that receives a string value in the body,
adds the access token in the Authorization header and calls the Qonto
Embed proxy endpoint with the string payload you received. The proxyEndpointDescriptor
the SDK expects is an object in which you will describe the call to your
backend endpoint.
proxyRequestFunction?
optional proxyRequestFunction: ProxyRequestFunction
Required for client-side operations: either proxyRequestFunction or proxyEndpointDescriptor.
proxyRequestFunction is a mechanism to avoid operating with sensitive
information, like the access token and the staging token, in client side
environments. Using them in client side could lead to data leak. It works as
follows:
Qonto Embed exposes a proxy endpoint in its API that is capable of getting
requests prepared by the SDK. In your web application, you must implement a
backend endpoint that receives a string value in the body,
adds the access token in the Authentication header and calls the Qonto
Embed proxy endpoint with the string payload you received. The proxyRequestFunction
the SDK expects is a function in which you will implement the call to your
backend endpoint. It receives a string parameter, it must perform a call to
your endpoint and return the data the endpoint sends you back.
scaSessionToken?
optional scaSessionToken: undefined
stagingToken?
optional stagingToken: undefined
uiParentElementId?
optional uiParentElementId: UIParentElementId
The id of the element where the SDK UI for sensitive operations will be
rendered. Required for operations that involve UI components (e.g., SCA flows). 
