Deep Link + iFrame Embed

Last updated
Save as PDF
Share
1. Share
2. Tweet
3. Share

This page guides users and developers through embedding CCP "drawer experiences" inside an <iframe> in third-party systems such as Salesforce and ServiceNow, by pointing the iframe src to a CCP deep-link supported page.

Deep Link Pages

A deep link page is a CCP component that can be opened directly in a browser tab or embedded in an iframe. It renders a responsive, drawer-like UI — not a traditional overlay drawer attached to a background CCP page — and enforces CCP authentication and privileges as normal.

Application Prefix

All CCP deep link-supported pages must start with /{APP_PREFIX}, where APP_PREFIX = ui/customercare.

Example:

https://{BASE_URL}/ui/customercare/...

Deep Link URL Examples

Replace {BASE_URL} with the correct environment host and {ACCOUNT_NO} with the target account number.

Make Payment

Create New: http://{BASE_URL}/ui/customercare/accounts/{ACCOUNT_NO}/make-payment

Cash Credits

List View: http://{BASE_URL}/ui/customercare/accounts/{ACCOUNT_NO}/cash-credits
Create New: http://{BASE_URL}/ui/customercare/accounts/{ACCOUNT_NO}/credits/cash-credits/new

UI/UX Requirements for iFrame Mode

Branding

iFrame mode displays the exact same drawer shown in CCP, with the addition of the Aria logo in the header.

Close / Cancel Behavior

Because the deep link page is embedded, CCP cannot reliably go back and close the page. As a result, close affordances have been removed from the iFrame view:

No X close icon
No Cancel button

Note: If close behavior is required in an embedded context, implement the postMessage handshake described in Close/Complete Handshake via postMessage below.

Responsive / Minimum Width Requirements

The iframe container on the hosting page must meet the following minimum width requirements:


Use Case	Minimum Width
All deep link pages (default)	776px
Pages with Open Transaction-style grids (Payment / Cash Credit creation)	1040px

Security & Access Requirements

Authentication

CCP's current approach for third-party iframe embed uses normal CCP username/password authentication. SSO support has not yet been finalized.

Implication: The user in Salesforce or ServiceNow must be able to authenticate to CCP, or must already have an active CCP session.

Privilege Enforcement

Deep link pages enforce the same privilege model as the in-app UI trigger. If the user's privileges disallow access, the deep link page renders a 403-style error page — not a broken or empty form.

Third-Party Implementation

The following is the simplest embed pattern for any third-party system.

Embed Snippet

<div style="width: 1040px; max-width: 100%;">
  <iframe
    src="https://{BASE_URL}/ui/customercare/accounts/{ACCOUNT_NO}/make-payment"
    style="width: 100%; height: 900px; border: 0;"
    sandbox="allow-forms allow-scripts allow-same-origin allow-popups allow-downloads"
    referrerpolicy="no-referrer">
  </iframe>
</div>

Requirements for the Hosting Page

Host container width must be ≥ 776px
Prefer ≥ 1040px for Make Payment and Cash Credit Create pages (Open Transaction table pages)

What the Host Should Expect

If the user is not authenticated: CCP will display its login flow.
If the user lacks privileges: CCP will display a 403 error page.

Close/Complete Handshake via postMessage

CCP removed close/cancel buttons from the iframe view because reliable close behavior is not possible in an embedded context. To enable a smooth embedded UX, implement a parent/child postMessage handshake.

Parent Listener (Salesforce / ServiceNow / Web App)

Add the following listener to the hosting page:

window.addEventListener("message", (event) => {
  // Always validate the origin
  if (event.origin !== "https://{BASE_URL}") return;

  const msg = event.data;

  if (msg?.type === "ccp.drawer.close") {
    // Close the modal or panel hosting the iframe
  }

  if (msg?.type === "ccp.drawer.complete") {
    // Refresh the surrounding UI, show a success message, etc.
  }
});

Note: Always validate event.origin before acting on a message to prevent cross-origin security issues.

Salesforce vs ServiceNow Implementation Notes

Salesforce

Use a Visualforce page, Lightning Web Component (LWC), or Lightning App Page component that renders an iframe.
Ensure the iframe container width meets CCP minimums (776px / 1040px depending on the page).

ServiceNow

Use a Service Portal widget, UI page, or embedded content frame.
Ensure the iframe container width meets CCP minimums (776px / 1040px depending on the page).

Cross-Domain Considerations

The third-party host must allow:

Embedding the CCP domain inside an iframe
Cookie and session behavior that supports embedded authentication (browser-dependent)

Feature Route Naming

All CCP deep link routes follow these standardization rules:

Use comma delineated case for feature segments (e.g., make-payment, cash-credits).
Use nouns for resources (preffered); use verbs only when historically established (e.g., make-payment is an existing convention).
Use explicit create or new endpoints for create flows.
Do not rely on browser #hash fragments for deep link routing.

QA / Validation Checklist

Use the following as an acceptance checklist when validating a third-party embed:

Browser tab — Deep link loads correctly in a normal browser tab (not embedded).
iFrame load — Deep link loads inside an iframe on the target platform page.
Width
- ≥ 776px for default deep link pages
- ≥ 1040px for Make Payment and Cash Credit Create pages with an Open Transaction table
iFrame UI differences
- Aria logo is shown in the header (where defined)
- No Close / Cancel controls are visible in iframe view
Authentication — If the user is not authenticated, they can log in successfully from within the iframe.
Privileges — A user without the required privilege sees a 403 error page (applies to Make Payment and Cash Credits).
Browsers — Validate behavior in Chrome, Firefox, and Edge.

TOP