Embedding the consent widget

Instead of sending customers to a StatementIQ link, you can embed the consent step directly in your own application. Create a requestvia the API, then embed the widget for that request’s id.

<iframe
  src="https://statementiq.com.au/embed/{REQUEST_ID}"
  width="100%"
  height="520"
  style="border:0"
></iframe>

Live preview

This is the widget your customer sees, framed exactly as it would appear in your app:

The widget explains the process to the customer and starts the bank connection. For security, the sensitive bank step itself opens top-level in the accredited flow (banks do not allow their sign-in to be framed), then returns the customer to your page.

Track completion with webhooks
The embed does not tell your back-end when consent finishes. Use webhooks (or poll the request) to know when the report is ready, then fetch it server-side with your API key.

Prefer your own UI? Skip the iframe entirely

You don’t have to use the widget at all. Your application can own the whole experience — your form, your screens, your branding — and integrate with two API calls:

  1. Collect the client’s details in your own form, then create a request server-side: POST /v1/requests. The response includes a consent_url.
  2. Present that URL however fits your product — a button, a redirect, a QR code, or a link in your own email. When the client opens it, the accredited bank-connection flow takes over; when they finish, you get a webhook (or poll) and fetch the report.
The one fixed step
The bank-connection step itself (choosing a bank, one-time code, consent) always happens on the accredited CDR flow at the top level — banks don’t allow that step to be framed or re-skinned, and the consent wording is regulated. Everything before and after it can be fully yours.

Keep API keys server-side

The embed URL uses only the request id — it exposes no API key, which is why it is safe to put in a browser. Never place your siq_live_ or siq_test_ key in front-end code; create requests and fetch reports from your server.