Skip to main content

What is embedding

Embedding drops an agent into your own website as an <iframe>. Site visitors don’t log in to AskTable and don’t pick a data source or role — they open the page and ask questions in natural language. It’s the fourth way an agent reaches the outside, alongside channels and scheduled tasks: channels connect to IM, scheduled tasks push on a schedule, and embedding serves the anonymous visitors on your website.

Typical scenarios

  • A “self-service data” entry point on your marketing site or help center, where visitors ask and get answers themselves
  • A query window in a customer portal that reads a specific slice of data
  • An analysis helper bound to a fixed role, embedded in an internal wiki page

Configuration

An embed address contains:
FieldDescription
NameThe display name, only used to tell your addresses apart in the dashboard
RoleRequired. The address binds one fixed role (with fixed role variables), so every anonymous visitor asks within that role’s data scope and sees the same data boundary
Trusted domainsA toggle plus a domain allowlist. Off (default) = the origin is not checked, any site can embed; on = only domains on the allowlist may embed this address
EnabledA toggle. A new address is enabled and usable right away; disabling it drops any in-progress session immediately
Each embed address belongs to an agent, which answers the questions.

How to configure

1

Create an embed address

Open the agent’s detail page, go to the Embed tab, and click New address.
2

Name it and pick a role

Give it a name and choose a role as the visitor’s data scope. If the role needs role variables (such as user_id), fill them in too — these are fixed for every visitor.
3

Set trusted domains (optional)

By default the origin is not checked and any site can embed. To restrict it to specific sites, turn on Trusted domains and add each allowed domain to the allowlist (such as https://example.com).
If the toggle is on but the allowlist is empty, no site can embed the address — remember to add at least one domain.
4

Save and copy the embed code

The address is enabled once saved. Click Copy embed code and paste the <iframe> into your page:
<iframe src="https://<your-asktable-site>/embed/emb_xxxx"
        style="width:100%;height:600px;border:0"></iframe>

Visitor experience

When a visitor opens the embedded page:
  • No login, and no picking a data source or role — they ask right away in the input box
  • Answers stay within the data scope of the bound role
  • They can switch between fast and deep thinking (fast by default, for a more immediate response)
  • Refreshing within 24 hours continues the same conversation; after that it starts a new one automatically, and they can start over anytime with New conversation

Security model

Embedding faces anonymous public visitors, so it relies on several layers:
  • Fixed role data scope — visitors can only reach data the bound role allows; changing the role only affects conversations created afterward
  • Unguessable address ID — the address ID is a random string (with an emb_ prefix) that doesn’t expose enumeration
  • Trusted-domain allowlist — with Trusted domains on, only pages on allowlisted domains can embed
  • Disable stops it — disabling an address drops any in-progress session immediately
An embed is a public entry point. When you bind a role, make sure its data scope is appropriate to expose publicly.

Embedding vs channels

Both let external users use an agent, but in different forms:
  • Channel: connects to IM tools like Feishu, where users chat inside the IM
  • Embedding: an iframe in your website, for anonymous web visitors, bound to one fixed role, where everyone sees the same data scope

Frequently asked questions

Q: Do visitors need to log in? A: No. Embedding is for anonymous visitors — they open the page and ask. Q: Do different visitors see the same data? A: Yes. One address binds one fixed role and fixed role variables, so all visitors share that scope. To isolate data per visitor, use a channel plus permissions rather than an embed. Q: How do I restrict embedding to my own site? A: Turn on Trusted domains and add your domain to the allowlist. By default the origin isn’t restricted. Q: What happens to a visitor mid-chat if I disable the address? A: The session drops immediately. After you re-enable it, the visitor can refresh the page to start again.