• Realaml API
    • Basic Realaml workflow
    • Mock/Test Requests (Staging)
    • Security recommendations
    • iFrame Embed
    • iOS SDK
    • Android SDK
    • API Reference
      • Verifications
        • Create a verification
        • Get a verification
        • Delete a verification
        • Resend a verification
        • Reset a verification
        • Approve a verification check result
        • Approve Quick IDV result (deprecated)
        • Approve PEP result (deprecated)
        • Create and run a verification
        • Create and run a company verification
        • Approve FaceMatch result (deprecated)
      • Outsourced Verifications
        • Create an outsourced verification
        • Get an outsourced verification
        • Delete an outsourced verification
      • Risk Assessment
        • Create a risk rating
        • Get risk rating details
      • E-sign Templates
        • List e-sign templates
        • Fetch an e-sign template
      • E-sign Documents
        • Create an e-sign draft document
        • Fetch an e-sign document
        • List e-sign documents
        • Update an e-sign draft document
        • Delete an e-sign document
        • Duplicate an e-sign document
        • Create an e-sign iframe builder session
        • Send an e-sign document
        • Resend an e-sign document
        • Reinitiate an e-sign document
        • Void an e-sign document
      • Form Submissions
        • Create a form submission
        • Fetch a form submission
        • Delete a form submission
        • Resend a form submission
    • National IDs
      • Australia (AU)
      • Canada (CA)
      • China (CN)
      • Denmark (DK)
      • India (IN)
      • Mexico (MX)
      • New Zealand (NZ)
      • United States (US)
      • South Africa (ZA)
    • Changelog
    • Schemas
      • VerificationRequest
      • VerificationCompanyRequest
      • VerificationSimple
      • Verification
      • VerificationCompany
      • OutsourcedVerificationRequest
      • OutsourcedVerificationSimple
      • OutsourcedVerification
      • OutsourcedVerificationType
      • OutsourcedVerificationStatus
      • OutsourcedVerificationResult
      • OutsourcedVerificationIndividual
      • VerificationType
      • VerificationResultSource
      • Result
      • PepResult
      • PepType
      • PepHit
      • DocumentOCRData
      • FaceMatchVoiResult
      • NationalIdTypes
      • BadRequest
      • Metadata
      • PersonName
      • PersonBirthDate
      • ContactMethods
      • AddressFields
      • GeoCoordinates
      • NationalIdBundle
      • VerificationAlgorithmSelection
      • VerificationIdentityResponse
      • VerificationCoreResponse
      • VerificationAddressResponse
      • VerificationNationalIdsResponse
      • VerificationMetadataResponse
      • OtherCountries
      • OutsourcedContactMethods
      • OutsourcedOrgTracking
      • OutsourcedCore
      • CompanyContactMethods
      • CompanyCore
      • CompanyTracking
      • VerificationResendRequest
      • RiskLevel
      • RiskAnswer
      • RiskSection
      • RiskQuestion
      • RiskRatingAnswer
      • RiskRating
      • RiskRatingCreateRequest
      • FormSubmissionCreateRequest
      • FormSubmission
      • FormSubmissionUser
      • FormSubmissionForm
      • FormSubmissionVerification
      • FormSubmissionValue
      • ESignTwoFactorMethod
      • ESignEnvelopeStatus
      • ESignRecipientStatus
      • ESignFieldType
      • ESignFieldDefaultValueMode
      • ESignTemplateRecipientRole
      • ESignTemplate
      • ESignDocumentRecipientOverride
      • ESignDocumentCreateRequest
      • ESignRecipientCreateRequest
      • ESignRecipientUpdateRequest
      • ESignDocumentFile
      • ESignField
      • ESignFieldGroup
      • ESignRecipient
      • ESignActionRequiredRecipient
      • ESignActionRequired
      • ESignDocument
      • ESignFieldResponse
      • ESignCompletionCertificate
      • ESignDocumentDetail
      • ESignSendDocumentResponse
      • ESignReinitiateDocumentResponse
      • ESignDocumentUpdateRequest
      • ESignDocumentDuplicateRequest
      • ESignDocumentPage
      • ESignIframeSessionCreateRequest
      • ESignIframeSessionResponse
      • ESignResendDocumentRequest
      • ESignResendDocumentResponse
      • ESignVoidDocumentRequest
      • ESignVoidDocumentResponse

    iFrame Embed

    This guide covers embedding Realaml in an iFrame and listening for postMessage events.

    Verification / Checks iFrame#

    iFrame embedding for verification/checks is disabled by default. Contact the Realaml team to enable this for your account.

    Embed code#

    JavaScript events (postMessage)#

    The iFrame sends these postMessage events to the parent window:
    CKYC:started
    CKYC:error
    CKYC:completed
    Each event payload includes:
    signatureKey (string)
    message (optional string)

    Example listener#

    Recommendation: validate the message origin before trusting the event payload.

    Form iFrame#

    iFrame embedding is enabled by default for all forms.

    Get embed code from the dashboard#

    To copy the embed code:
    1.
    Open the form page in the Realaml dashboard
    2.
    Click the dropdown menu on the form card
    3.
    Select Copy form embed code

    Sample embed code#

    JavaScript events (postMessage)#

    The embedded form sends these postMessage events to the parent window:
    CKYC:form_started
    CKYC:form_error
    CKYC:form_completed
    Each event payload includes:
    form_id (optional string)
    form_submission_id (optional string)
    message (optional string)

    Example listener#

    Recommendation: validate the message origin before using form_id / form_submission_id.

    Performance: Optional COOP + COEP headers#

    Features such as ID scanning, ID capture, and PDF processing use WebAssembly (WASM) internally. WASM can run in multi-threaded mode for better performance, but this requires the parent page to be cross-origin isolated.
    This is optional. Without these headers everything still works — WASM simply falls back to single-threaded mode, which may be slightly slower.
    To enable multi-threaded WASM, add the following HTTP headers to your parent page (not the iFrame):
    SetupWASM modeScanning & PDF
    Without COOP + COEPSingle-threaded✅ Works, slightly slower
    With COOP + COEPMulti-threaded✅ Works, full performance
    Previous
    Security recommendations
    Next
    iOS SDK
    Built with