# Embedding

> Embedding lets you drop an agent into your own website as an iframe, so visitors can ask data questions without logging in. This page covers what embedding does, how to configure it, the visitor experience, and the security model.

## What is embedding

Embedding drops an [agent](/en/concepts/agent/overview) into your own website as an `<iframe>`. Site visitors **don't log in to AskTable and don't pick a data source or role** — they open the page and ask questions in natural language.

It's the fourth way an agent reaches the outside, alongside [channels](/en/concepts/agent/channel) and [scheduled tasks](/en/concepts/agent/schedule): channels connect to IM, scheduled tasks push on a schedule, and embedding serves the anonymous visitors on your website.

## Typical scenarios

* A "self-service data" entry point on your marketing site or help center, where visitors ask and get answers themselves
* A query window in a customer portal that reads a specific slice of data
* An analysis helper bound to a fixed role, embedded in an internal wiki page

## Configuration

An embed address contains:

| Field               | Description                                                                                                                                                               |
| ------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Name**            | The display name, only used to tell your addresses apart in the dashboard                                                                                                 |
| **Role**            | Required. The address binds one fixed role (with fixed role variables), so **every anonymous visitor asks within that role's data scope** and sees the same data boundary |
| **Trusted domains** | A toggle plus a domain allowlist. **Off (default) = the origin is not checked, any site can embed**; **on = only domains on the allowlist may embed** this address        |
| **Enabled**         | A toggle. **A new address is enabled and usable right away**; disabling it drops any in-progress session immediately                                                      |

Each embed address belongs to an agent, which answers the questions.

## How to configure

<Steps>
  <Step title="Create an embed address">
    Open the agent's detail page, go to the **Embed** tab, and click **New address**.
  </Step>

  <Step title="Name it and pick a role">
    Give it a name and choose a role as the visitor's data scope. If the role needs role variables (such as `user_id`), fill them in too — these are fixed for every visitor.
  </Step>

  <Step title="Set trusted domains (optional)">
    By default the origin is not checked and any site can embed. To restrict it to specific sites, turn on **Trusted domains** and add each allowed domain to the allowlist (such as `https://example.com`).

    <Warning>If the toggle is on but the allowlist is empty, no site can embed the address — remember to add at least one domain.</Warning>
  </Step>

  <Step title="Save and copy the embed code">
    The address is enabled once saved. Click **Copy embed code** and paste the `<iframe>` into your page:

    ```html
    <iframe src="https://<your-asktable-site>/embed/emb_xxxx"
            style="width:100%;height:600px;border:0"></iframe>
    ```
  </Step>
</Steps>

## Visitor experience

When a visitor opens the embedded page:

* No login, and no picking a data source or role — they ask right away in the input box
* Answers stay within the data scope of the bound role
* They can switch between **fast and deep** thinking (fast by default, for a more immediate response)
* Refreshing within 24 hours **continues the same conversation**; after that it starts a new one automatically, and they can start over anytime with **New conversation**

## Security model

Embedding faces anonymous public visitors, so it relies on several layers:

* **Fixed role data scope** — visitors can only reach data the bound role allows; changing the role only affects conversations created afterward
* **Unguessable address ID** — the address ID is a random string (with an `emb_` prefix), so addresses can't be discovered by enumeration
* **Trusted-domain allowlist** — with **Trusted domains** on, only pages on allowlisted domains can embed
* **Disable stops it** — disabling an address drops any in-progress session immediately

<Note>An embed is a public entry point. When you bind a role, make sure its data scope is appropriate to expose publicly.</Note>
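
The trusted-domain rules above, written out as an added example (not AskTable's code). The settings object, the function names and exact-origin matching are assumptions; `frame-ancestors` is shown as one standard browser-enforced way to express such an allowlist, which this page does not say AskTable uses.

```javascript
// Added example. Settings shape and function names are hypothetical;
// exact-origin matching is an assumption, the page does not define matching.

// Canonicalize an allowlist entry or page URL to an origin; null if not http(s).
function toOrigin(value) {
  let url;
  try {
    url = new URL(value);
  } catch {
    return null; // bare hostnames such as "example.com" are not valid origins
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") return null;
  return url.origin; // lowercases the host, drops path and default port
}

// Valid, de-duplicated origins from the allowlist.
function allowedOrigins(settings) {
  return [...new Set(settings.allowlist.map(toOrigin).filter((o) => o !== null))];
}

// May the page at `parentUrl` embed an address with these settings?
function mayEmbed(settings, parentUrl) {
  if (!settings.enabled) return false;       // disabled address serves nobody
  if (!settings.trustedDomains) return true; // toggle off: origin not checked
  const origin = toOrigin(parentUrl);
  return origin !== null && allowedOrigins(settings).includes(origin);
}

// The same rules as a Content-Security-Policy value; null means no restriction.
function frameAncestors(settings) {
  if (!settings.trustedDomains) return null;
  const origins = allowedOrigins(settings);
  return "frame-ancestors " + (origins.length ? origins.join(" ") : "'none'");
}

// Constructed sample settings.
const openCfg = { enabled: true, trustedDomains: false, allowlist: [] };
const lockedCfg = { enabled: true, trustedDomains: true, allowlist: ["https://Example.com:443/"] };
const emptyCfg = { enabled: true, trustedDomains: true, allowlist: [] };

console.log(mayEmbed(lockedCfg, "https://example.com/pricing"));   // allowlisted origin
console.log(mayEmbed(lockedCfg, "https://example.com.evil.test/")); // look-alike host
console.log(frameAncestors(emptyCfg));                              // toggle on, empty list
```

Comparing whole origins rather than substrings is what keeps a look-alike host or a plain-`http` copy of an allowlisted site from matching.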

## Embedding vs channels

Both let **external users** use an agent, but in different forms:

* **Channel**: connects to IM tools like Feishu, where users chat inside the IM
* **Embedding**: an iframe in your website, for **anonymous web visitors**, bound to one fixed role, where everyone sees the same data scope

## Frequently asked questions

**Q: Do visitors need to log in?**
A: No. Embedding is for anonymous visitors — they open the page and ask.

**Q: Do different visitors see the same data?**
A: Yes. One address binds one fixed role and fixed role variables, so all visitors share that scope. To isolate data per visitor, use a channel plus permissions rather than an embed.

**Q: How do I restrict embedding to my own site?**
A: Turn on **Trusted domains** and add your domain to the allowlist. By default the origin isn't restricted.

**Q: What happens to a visitor mid-chat if I disable the address?**
A: The session drops immediately. After you re-enable it, the visitor can refresh the page to start again.
