A fictional storefront. Every pixel of this site exists to test embedding.
Whatever the valley gives us, jarred and shelved.
Raw-milk wheels from farms we can name.
Small growers, honest prices, no points system.
Embedded below via a plain cross-origin <iframe> — pattern 1 under test.
Persisted in localStorage; override per-visit with
?embed=https://…. postMessage events from the frame are
logged to the console.
Pattern 2 — the real integration: loader.js + HMAC handoff. Paste a
signed identity (mint one with the admin sign-test endpoint), and
the ShopAI widget appears bottom-right, exactly as it would on a customer site.
Mint an identity (30-min expiry):
curl -X POST <loader-origin>/api/engine/embed/sign-test -H "Authorization: Bearer <admin JWT>" -d '{"tenant":"dash","userId":"demo_1","email":"demo@upcai.info","role":"member","entityId":"2197"}'
— the signed blob (not the secret) is what a customer's backend would render into their page.