Checkr Embeds are the fastest way to add background check experiences to a product using pre-built components that you can add with a few lines of code. Our goal is to make it easy to build an end-to-end background check experience within your product, which will be automatically updated with new Checkr releases. Checkr embeds are fully themeable.

Checkr embeds are built using the Checkr WebSDK library, and can be added to your application using JavaScript or React (>= v16). Embeds are supported by Microsoft Edge, Chrome, and Firefox versions released on or after 2019.

Checkr embeds may be used by both developers building directly to the Checkr API, and by partner developers building partner applications.

View Example

Pre-requisites

• You already have an account with Checkr.
• Except for Sign-up & Connect embed: You have implemented Checkr OAuth if you are a partner.
  

To use a Checkr embed within your application

1. Load Checkr's Web SDK directly through CDN. This ensures you always have the latest version.
2. Add the embed to your frontend code.
3. Except for Sign-up & Connect embed: Implement authentication for the embed using a SessionToken.
4. Optionally, customize the embed based on your application's needs.

First, Load Checkr’s Web SDK using CDN

<script src="https://cdn.jsdelivr.net/npm/@checkr/web-sdk/dist/web-sdk.umd.js"></script>

The Examples section below showcases some examples.

For Sign-up & Connect embed no previous authentication is required. In fact, Sign-up & Connect embed will implement most of the Checkr OAuth flow for you. It provides your application with an Oauth Authorization Code to exchange for an OAuth access token, which can be used by your application to make API calls to Checkr on behalf of your customers.

This Access Token must be used to request SessionTokens for authentication using other embeds.

Notes on keeping your Access Token secure

Be aware that the following token exchanges must take place within your own backend application to avoid exposing Access Tokens in your frontend application, which are considered sensitive secrets:

1. Exchange of the Oauth Authorization Code for an Access Token
2. Exchange of the Access Token for a Session Token (specific to use with embeds.)

First, the embed authenticates with Checkr.

1. The embed sends a request from your application's frontend to your application's backend for a Checkr SessionToken.
2. Your application’s backend must first authenticate the logged in user using its own mechanisms, and then pass the request to Checkr.
3. Checkr sends a SessionToken to your backend in response.
4. Your application’s backend then passes the SessionToken to the embed running on your application's frontend.

While authentication is processing, the embed displays a loading state in your app. Then, the embed fetches and renders the returned data.

5. The embed uses Checkr APIs to request data.
6. Checkr APIs return the requested data directly to the embed.

When the requested data is returned, the embed renders within your application.

Embed authentication flow

When an Embed loads for the first time, it sends an HTTP POST request to your backend, requesting a SessionToken. Use the sessionTokenPath property to set your application's backend endpoint to use.

By default, your application's cookies are sent to your backend to help you authenticate the user. To enable authentication via headers (such as bearer tokens), use the sessionTokenRequestHeaders property as shown below.

Note: sessionTokenPath is a path to request the token, not the token itself. You should not be passing the token as a prop directly to the embed.

• JavaScript
• React

const embed = new Checkr.Embeds.NewInvitation({ sessionTokenPath: '/your-backend/session-tokens', sessionTokenRequestHeaders: () => ({ Authorization : `Bearer ${token}` })})

<NewInvitation sessionTokenPath='/your-backend/checkr-session-tokens' sessionTokenRequestHeaders={() => ({ Authorization : `Bearer ${token}` })}/>

Run your application's user authentication and authorization rules before requesting Checkr to acquire a SessionToken.

Step 1: The embed requests a SessionToken from your backend

The embed will use the sessionTokenPath property to request a SessionToken from your backend.

• JavaScript
• React

const embed = new Checkr.Embeds.NewInvitation({ sessionTokenPath: '/your-backend/session-tokens' })

<NewInvitation sessionTokenPath='/your-backend/checkr-session-tokens' />

Step 2: Send a request for a SessionToken from your backend to Checkr

Checkr provides two means to acquire this SessionToken: one for our direct customers, and one for our partner developers.

• Customers building directly to the Checkr APIs: Use the API Keys found in the Checkr Dashboard to request SessionTokens.

• Partner developers, building partner applications: Use the OAuth Access Token acquired through Checkr OAuth to request SessionTokens. This is a pre-requisite for using Embeds. See the Checkr Partner Guides for more information.

When your application’s backend receives the HTTP Post request from the embed, run authentication and authorization rules based on your application logic (for the current user), and then make the following call to Checkr.

Scopes are used to determine what access you are requesting for.

POST {checkr-api-host}/web_sdk/session_tokens

Checkr API host:

• Staging: https://api.checkr-staging.com/v1
• Production: https://api.checkr.com/v1

Use the following as the request JSON payload:

• Partner Request
• Direct Customer Request

curl --request POST \
  --url {checkr-api-host}/web_sdk/session_tokens \
  --user your-checkr-oauth-access-token: \
  --header 'Content-Type: application/json' \
  --data '{
    "scopes": ["order"]
}'

curl --request POST \
  --url {checkr-api-host}/web_sdk/session_tokens \
  --user your-checkr-api-key: \
  --header 'Content-Type: application/json' \
  --data '{
    "scopes": ["order"],
    "direct": true
}'

Step 3: Checkr responds to your backend with a SessionToken

Checkr will respond with a SessionToken.

{
  "token": "example-session-token"
}

Step 4: Return the acquired SessionToken from your backend to your frontend

Return the JSON response (from above) from the Checkr API back to your frontend.

SessionTokens are short-lived. If they expire, the embed will automatically attempt to renew them by re-executing Steps 2 to 4.

Fake mode lets you play with the Embed without it making any API calls. When fakeMode is enabled in an embed (all embeds support it), the embed would work using canned data.

• JavaScript
• React

const embed = new Checkr.Embeds.NewInvitation({ fakeMode: true })

<NewInvitation fakeMode={true} />

If you want to test with a Checkr Staging account, you can pass an additional param to any embed, env: "staging" to run the embeds against Staging. You can omit the env param entirely, or specify env: "production", to use a production account.

Note: Embeds do not support mixed Staging and Production usage on the same page - ensure all concurrently rendered embeds are using the same environment.

• JavaScript
• React

const embed = new Checkr.Embeds.SignUpFlow({
  env: 'staging'
  oauthTokenPath: '/your-backend/checkr-staging-oauth-token',
  partner: { id: 'abcdef1', name: 'Enterprise Partner Staging' },
});

<SignUpFlow
  env='staging'
  oauthTokenPath='/your-backend/checkr-staging-oauth-token'
  partner={{ id: 'abcdef1', name: 'Enterprise Partner Staging' }}
/>

While Embeds do not rely on Webhooks, you can definitely use it in combination with Embeds to build more advanced features such as workflow automation in your product.

Use the Sign-up & Connect embed to connect an existing Checkr account from an external application to Checkr and also create a Checkr account if needed.

This is the flow for Sign-up & Connect embed:

1. Initial screen
   1. Select "Already have an account? Sign in"
      1. Login to your Checkr account
      2. Get a code for your application backend to retrieve an access token.
      3. Back to your application
   2. Fill in user information and click "Get started"
      1. Get business information for Checkr account creation. Here is the business data required:
         1. Business Name
         2. DBA name (optional)
         3. Business Address (Street, City, State, Zip)
         4. US Tax ID (Must match the city associated with the Business Address)
         5. Credit Card information required for payment:
            1. Cardholder Name
            2. Card Number
            3. Expiration Date
            4. Security Code
            5. Zip Code
      2. Get a code for your application backend to retrieve an access token
      3. Back to your application

Note that Sign-up & Connect Embed doesn’t handle customer account credentialing step.

The Sign-up & Connect embed may be added to your page either inline or as a modal. Adding the embed inline will render the embed on your application's page. Adding it as a modal allows you to launch the embed from a button or other feature on your page.

Add the embed inline

Both JavaScript and React may be used to insert the Embed inline in your application.

• JavaScript
• React
• Result

const embed = new Checkr.Embeds.SignUpFlow({ oauthTokenPath='/your-backend/checkr-oauth-token', partner: { id: 'abcdef1', name: 'Enterprise Partner' } })
embed.render('#your-placeholder-div')

<SignUpFlow oauthTokenPath='/your-backend/checkr-oauth-token' partner={ id: 'abcdef1', name: 'Enterprise Partner' }/>

const btn = document.getElementById('your-button')

btn.addEventListener('click', event => {
  const embed = new Checkr.Embeds.SignUpFlow({ oauthTokenPath='/your-backend/checkr-oauth-token', partner: { id: 'abcdef1', name: 'Enterprise Partner' } })
  embed.modal()
})

embed.modal({ width: '700px' })