Est. 1962 — Purveyors of Fine Provisions

Honest food, thoughtfully sourced.

A fictional storefront. Every pixel of this site exists to test embedding.

Our assistant — the official embed widget

Self-login: type any email and request a sign-in code. A code is sent only to a provisioned, row-scoped account — unknown or unscoped addresses are refused, and no code is sent. Zero integration — the customer site pastes only the loader.


    

The launcher bubble appears bottom-right (drag it, click to open). A 6-digit code is emailed only to a provisioned, row-scoped account — e.g. demo@upcai.info works. A random address gets the same generic response but no code and no session, so accounts can't be probed. That's the account check — enforced when the code is requested, not just at sign-in.

Advanced — HMAC handoff (signed identity)

Mint an identity: curl -X POST <origin>/api/engine/embed/sign-test -H "Authorization: Bearer <admin JWT>" -d '{"tenant":"dash","userId":"demo_1","email":"demo@upcai.info","role":"member","entityId":"2197"}' — the signed blob (not the secret) is what a customer backend renders into their page.