Checkr Web SDK (v1)

Overview

Checkr Embeds are the fastest way to add background check experiences to a product using pre-built components that you can add with a few lines of code. Our goal is to make it easy to build an end-to-end background check experience within your product, which will be automatically updated with new Checkr releases. Checkr embeds are fully themeable.

Checkr embeds are built using the Checkr WebSDK library, and can be added to your application using JavaScript or React (>= v16). Embeds are supported by Microsoft Edge, Chrome, and Firefox versions released on or after 2019.

Checkr embeds may be used by both developers building directly to the Checkr API, and by partner developers building partner applications.

Getting Started

Pre-requisites

  • You already have an account with Checkr.
  • Except for Sign-up & Connect embed: You have implemented Checkr OAuth if you are a partner.

To use a Checkr embed within your application

  1. Load Checkr's Web SDK directly through CDN. This ensures you always have the latest version.
  2. Add the embed to your frontend code.
  3. Except for Sign-up & Connect embed: Implement authentication for the embed using a SessionToken.
  4. Optionally, customize the embed based on your application's needs.

Load Checkr’s Web SDK

First, Load Checkr’s Web SDK using CDN

<script src="https://cdn.jsdelivr.net/npm/@checkr/web-sdk/dist/web-sdk.umd.js"></script>

The Examples section below showcases some examples.

Add authentication

For Sign-up & Connect embed no previous authentication is required. In fact, Sign-up & Connect embed will implement most of the Checkr OAuth flow for you. It provides your application with an Oauth Authorization Code to exchange for an OAuth access token, which can be used by your application to make API calls to Checkr on behalf of your customers.

This Access Token must be used to request SessionTokens for authentication using other embeds.

Notes on keeping your Access Token secure

Be aware that the following token exchanges must take place within your own backend application to avoid exposing Access Tokens in your frontend application, which are considered sensitive secrets:

  1. Exchange of the Oauth Authorization Code for an Access Token
  2. Exchange of the Access Token for a Session Token (specific to use with embeds.)

Add authentication for other embeds

Session Token Authentication

First, the embed authenticates with Checkr.

  1. The embed sends a request from your application's frontend to your application's backend for a Checkr SessionToken.
  2. Your application’s backend must first authenticate the logged in user using its own mechanisms, and then pass the request to Checkr.
  3. Checkr sends a SessionToken to your backend in response.
  4. Your application’s backend then passes the SessionToken to the embed running on your application's frontend.

While authentication is processing, the embed displays a loading state in your app. Then, the embed fetches and renders the returned data.

  1. The embed uses Checkr APIs to request data.
  2. Checkr APIs return the requested data directly to the embed.

When the requested data is returned, the embed renders within your application.

Embed authentication flow

When an Embed loads for the first time, it sends an HTTP POST request to your backend, requesting a SessionToken. Use the sessionTokenPath property to set your application's backend endpoint to use.

By default, your application's cookies are sent to your backend to help you authenticate the user. To enable authentication via headers (such as bearer tokens), use the sessionTokenRequestHeaders property as shown below.

Note: sessionTokenPath is a path to request the token, not the token itself. You should not be passing the token as a prop directly to the embed.

const embed = new Checkr.Embeds.NewInvitation({ sessionTokenPath: '/your-backend/session-tokens', sessionTokenRequestHeaders: () => ({ Authorization : `Bearer ${token}` })})
<NewInvitation sessionTokenPath='/your-backend/checkr-session-tokens' sessionTokenRequestHeaders={() => ({ Authorization : `Bearer ${token}` })}/>
Note: Do not use a public endpoint for the sessionTokenPath property. Be certain to complete your application's user authentication and authorization before responding to the request.

Run your application's user authentication and authorization rules before requesting Checkr to acquire a SessionToken.

Step 1: The embed requests a SessionToken from your backend

The embed will use the sessionTokenPath property to request a SessionToken from your backend.

const embed = new Checkr.Embeds.NewInvitation({ sessionTokenPath: '/your-backend/session-tokens' })
<NewInvitation sessionTokenPath='/your-backend/checkr-session-tokens' />

Step 2: Send a request for a SessionToken from your backend to Checkr

Checkr provides two means to acquire this SessionToken: one for our direct customers, and one for our partner developers.

  • Customers building directly to the Checkr APIs: Use the API Keys found in the Checkr Dashboard to request SessionTokens.

  • Partner developers, building partner applications: Use the OAuth Access Token acquired through Checkr OAuth to request SessionTokens. This is a pre-requisite for using Embeds. See the Checkr Partner Guides for more information.

When your application’s backend receives the HTTP Post request from the embed, run authentication and authorization rules based on your application logic (for the current user), and then make the following call to Checkr.

Scopes are used to determine what access you are requesting for.

Scope Use case
order NewInvitation Embed, ReportsOverview Embed
disclosure Disclosure & Consent Embed

POST {checkr-api-host}/web_sdk/session_tokens

Checkr API host:

Use the following as the request JSON payload:

curl --request POST \
  --url {checkr-api-host}/web_sdk/session_tokens \
  --user your-checkr-oauth-access-token: \
  --header 'Content-Type: application/json' \
  --data '{
    "scopes": ["order"]
}'
curl --request POST \
  --url {checkr-api-host}/web_sdk/session_tokens \
  --user your-checkr-api-key: \
  --header 'Content-Type: application/json' \
  --data '{
    "scopes": ["order"],
    "direct": true
}'

Step 3: Checkr responds to your backend with a SessionToken

Checkr will respond with a SessionToken.

{
  "token": "example-session-token"
}

Step 4: Return the acquired SessionToken from your backend to your frontend

Return the JSON response (from above) from the Checkr API back to your frontend.

SessionTokens are short-lived. If they expire, the embed will automatically attempt to renew them by re-executing Steps 2 to 4.

Use fakeMode to preview Embeds

Fake mode lets you play with the Embed without it making any API calls. When fakeMode is enabled in an embed (all embeds support it), the embed would work using canned data.

const embed = new Checkr.Embeds.NewInvitation({ fakeMode: true })
<NewInvitation fakeMode={true} />

Use a Staging account to test Embeds

If you want to test with a Checkr Staging account, you can pass an additional param to any embed, env: "staging" to run the embeds against Staging. You can omit the env param entirely, or specify env: "production", to use a production account.

Note: Embeds do not support mixed Staging and Production usage on the same page - ensure all concurrently rendered embeds are using the same environment.

const embed = new Checkr.Embeds.SignUpFlow({
  env: 'staging'
  oauthTokenPath: '/your-backend/checkr-staging-oauth-token',
  partner: { id: 'abcdef1', name: 'Enterprise Partner Staging' },
});
<SignUpFlow
  env='staging'
  oauthTokenPath='/your-backend/checkr-staging-oauth-token'
  partner={{ id: 'abcdef1', name: 'Enterprise Partner Staging' }}
/>

Webhooks

While Embeds do not rely on Webhooks, you can definitely use it in combination with Embeds to build more advanced features such as workflow automation in your product.

Sign-up & Connect Embed

Use the Sign-up & Connect embed to connect an existing Checkr account from an external application to Checkr and also create a Checkr account if needed.

This is the flow for Sign-up & Connect embed:

  1. Initial screen
    1. Select "Already have an account? Sign in"
      1. Login to your Checkr account
      2. Get a code for your application backend to retrieve an access token.
      3. Back to your application
    2. Fill in user information and click "Get started"
      1. Get business information for Checkr account creation. Here is the business data required:
        1. Business Name
        2. DBA name (optional)
        3. Business Address (Street, City, State, Zip)
        4. US Tax ID (Must match the city associated with the Business Address)
        5. Credit Card information required for payment:
          1. Cardholder Name
          2. Card Number
          3. Expiration Date
          4. Security Code
          5. Zip Code
      2. Get a code for your application backend to retrieve an access token
      3. Back to your application

Note that Sign-up & Connect Embed doesn’t handle customer account credentialing step.

Add the embed to your page

The Sign-up & Connect embed may be added to your page either inline or as a modal. Adding the embed inline will render the embed on your application's page. Adding it as a modal allows you to launch the embed from a button or other feature on your page.

Add the embed inline

Both JavaScript and React may be used to insert the Embed inline in your application.

const embed = new Checkr.Embeds.SignUpFlow({ oauthTokenPath='/your-backend/checkr-oauth-token', partner: { id: 'abcdef1', name: 'Enterprise Partner' } })
embed.render('#your-placeholder-div')
<SignUpFlow oauthTokenPath='/your-backend/checkr-oauth-token' partner={ id: 'abcdef1', name: 'Enterprise Partner' }/>

Add the embed as a modal

Use JavaScript to launch the Embed as a modal, for example on the click of a button in your application.

const btn = document.getElementById('your-button')

btn.addEventListener('click', event => {
  const embed = new Checkr.Embeds.SignUpFlow({ oauthTokenPath='/your-backend/checkr-oauth-token', partner: { id: 'abcdef1', name: 'Enterprise Partner' } })
  embed.modal()
})

The default modal width is 600px on desktops and 100% on mobile devices. Use width option to change the desktop width.

embed.modal({ width: '700px' })

Add Authentication

Frontend Examples

const embed = new Checkr.Embeds.SignUpFlow({ oauthTokenPath='/your-backend/checkr-oauth-token', partner: { id: 'abcdef1', name: 'Enterprise Partner' } })

Backend Requirement: endpoint to accept Oauth Authorization Code

You will need to implement a backend endpoint to accept the Oauth Authorization Code obtained upon completion of the signup flow.

The Embed utilizes the oauthTokenPath property to send the Oauth Authorization Code to your backend where it should be exchanged for an Access Token. This token is used to request a session token which can be used in other embeds.

The partner is required to possess both the client_id and client_secret, which can be located within the partner application data. This information is readily accessible for review via the Checkr dashboard and should live on your backend.

Example

An example implementation of the backend call in javascript would be:

import axios from "axios";

async function createOauthToken(body) {
  try {
    const response = await axios({
      method: "POST",
      url: `https://api.checkr.com/oauth/tokens`,
      headers: {
        "Content-Type": "application/x-www-form-urlencoded",
      },
      data: body,
    });

    return response.data;
  } catch (error) {
    throw error.response.errors;
  }
}

async function getOauthToken(req, context) {
  const { code } = await req.json();

  const body = {
    grant_type: "authorization_code",
    client_id: "<your_partner_app_client_id>",
    client_secret: "<your_partner_app_client_secret>",
    code: code,
  };

  const { access_token } = await createOauthToken(body);
  //Decide where & how you want save the oauth token
  await saveToken(access_token);

  res.status(200).json({ message: 'Token created successfully' });
}

The steps:

  1. Use code to call the ‘/oauth/tokens’ Checkr endpoint
  2. Save oauth token in your database or other secured storage for later use

Customize the embed

The Sign-up & Connect embed provides the following options to customize its default behavior.

Add preset values for Account Creation step

Use preset to specify a fixed value for an available input value. Preset inputs are displayed on the embed and it is available for users to edit it. Checkr provides 9 preset values for the Sign-up & Connect Embed:

  • presetFirstName
  • presetLastName
  • presetEmail
  • presetBusinessName
  • presetAddress
  • presetCity
  • presetState
  • presetZipcode
  • presetUSTaxID
const embed = new Checkr.Embeds.SignUpFlow({
  oauthTokenPath:'/your-backend/checkr-oauth-token',
  partner:{id: 'abcdef1', name: 'Enterprise Partner'},
  presetName: 'John',
  presetLastName: 'Doe',
  presetEmail: 'johndoe@test.com',
  presetCity: 'San Francisco',
  presetTaxId: '123-45-6789',
  presetZipCode: '94103',
  presetBusinessName: 'Test Company',
  presetBusinessAddress: '123 Main St',
  presetState: 'CA',
  presetTaxId: '123-45-6789',
})
<SignUpFlow
  oauthTokenPath='/your-backend/checkr-oauth-token'
  partner={{id: 'abcdef1', name: 'Enterprise Partner'}}
  presetName='John'
  presetLastName='Doe'
  presetEmail='johndoe@test.com'
  presetCity='San Francisco'
  presetTaxId='123-45-6789'
  presetZipCode='94103'
  presetBusinessName='Test Company'
  presetBusinessAddress='123 Main St'
  presetState='CA'
  presetTaxId='123-45-6789'
/>