Embedding the consent widget
Instead of sending customers to a StatementIQ link, you can embed the consent step directly in your own application. Create a requestvia the API, then embed the widget for that request’s id.
<iframe
src="https://statementiq.com.au/embed/{REQUEST_ID}"
width="100%"
height="520"
style="border:0"
></iframe>Live preview
This is the widget your customer sees, framed exactly as it would appear in your app:
The widget explains the process to the customer and starts the bank connection. For security, the sensitive bank step itself opens top-level in the accredited flow (banks do not allow their sign-in to be framed), then returns the customer to your page.
Prefer your own UI? Skip the iframe entirely
You don’t have to use the widget at all. Your application can own the whole experience — your form, your screens, your branding — and integrate with two API calls:
- Collect the client’s details in your own form, then create a request server-side:
POST /v1/requests. The response includes aconsent_url. - Present that URL however fits your product — a button, a redirect, a QR code, or a link in your own email. When the client opens it, the accredited bank-connection flow takes over; when they finish, you get a webhook (or poll) and fetch the report.
Keep API keys server-side
The embed URL uses only the request id — it exposes no API key, which is why it is safe to put in a browser. Never place your siq_live_ or siq_test_ key in front-end code; create requests and fetch reports from your server.