Developer Documentation

Integration Guide

Everything you need to integrate Legion Hand Technologies widgets and webhooks into your application.

iFrame Embed

Quick integration with simple iframe embedding

Web Components

Modern custom elements for seamless integration

JavaScript SDK

Full programmatic control with our SDK

Webhooks

Real-time event notifications

Getting Started

Integration Overview

Legion Hand Technologies widgets can be integrated into your website using three different methods, each suited for different use cases.

iFrame Method

Simple iframe embedding for quick integration with any website. Best for static sites and CMS platforms.

Easy Setup

Isolated

Web Components

Modern web component approach for better integration with React, Vue, Angular, and other frameworks.

Framework-agnostic

Customizable

JavaScript API

Full programmatic control with our JavaScript SDK for advanced integrations and dynamic content.

Full Control

Advanced

Which method should I use?

Choose iFrame if you need quick setup with minimal code changes

Choose Web Components for modern apps requiring customization and style control

Choose JavaScript API when you need dynamic widget creation and lifecycle management

Simple Integration

iFrame Integration

The simplest way to embed widgets using iframes. This method provides good isolation and works with any website.

Basic Usage

1<!-- Profile Widget -->
2<iframe
3  src="https://your-domain.com/widget/profile"
4  width="100%"
5  height="400"
6  frameborder="0">
7</iframe>
8
9<!-- Campaigns Carousel Widget -->
10<iframe
11  src="https://your-domain.com/widget/campaigns-carousel"
12  width="100%"
13  height="320"
14  frameborder="0">
15</iframe>

Responsive iFrame

1<div style="position: relative; width: 100%; height: 0; padding-bottom: 56.25%;">
2  <iframe
3    src="https://your-domain.com/widget/profile"
4    style="position: absolute; top: 0; left: 0; width: 100%; height: 100%;"
5    frameborder="0">
6  </iframe>
7</div>

Modern Approach

Web Component Integration

Web components provide better integration with modern web applications and allow for more customization.

Include the Script

1<!-- For Profile Widget -->
2<script src="https://your-domain.com/js/profile-widget.js"></script>
3
4<!-- For Campaigns Carousel Widget -->
5<script src="https://your-domain.com/js/campaigns-carousel-widget.js"></script>

Use the Component

1<!-- Profile Widget -->
2<legion-profile-widget
3  user-id="123"
4  theme="light"
5  show-contact="true">
6</legion-profile-widget>
7
8<!-- Campaigns Carousel Widget -->
9<legion-campaigns-carousel
10  max-campaigns="5"
11  theme="light"
12  height="280"
13  show-expiration="true">
14</legion-campaigns-carousel>

Available Attributes

Profile Widget

user-id

The user ID to display

theme

"light" or "dark"

show-contact

Show contact info

width

Widget width

height

Widget height

Campaigns Carousel

max-campaigns

1-10, default: 5

theme

"light" or "dark"

height

200-500px

show-expiration

Show dates

api-key

Optional auth key

Social Grid Deep-linking

To open your Community Page when users click a social grid image, add community-url to <legion-social>.

1<script src="https://your-domain.com/js/social-widget.js"></script>
2<legion-social
3  layout="grid"
4  rows="3"
5  cols="3"
6  api-url="https://your-domain.com"
7  community-url="https://your-site.com/community">
8</legion-social>

Advanced Integration

JavaScript API

For advanced integration, use our JavaScript API to programmatically control widgets.

Initialize the SDK

1<script src="https://your-domain.com/js/legion-sdk.js"></script>
2<script>
3  const legion = new LegionSDK({
4    apiKey: 'your-api-key',
5    baseUrl: 'https://your-domain.com'
6  });
7</script>

Create a Widget

1const profileWidget = legion.createWidget('profile', {
2  container: '#profile-container',
3  userId: '123',
4  theme: 'light',
5  onLoad: () => console.log('Widget loaded'),
6  onError: (error) => console.error('Widget error:', error)
7});

Widget Methods

1// Update widget data
2profileWidget.update({ userId: '456' });
3
4// Refresh widget
5profileWidget.refresh();
6
7// Destroy widget
8profileWidget.destroy();

Webhook Types

Real-time Events

Bearer Auth

JSON Payloads

Webhooks Documentation

Receive real-time notifications when events occur in your Legion Hand Technologies integration.

Authentication

Bearer Token

Method

POST

Content Type

application/json

Success Response

2XX Status

Webhooks Documentation

Verification Webhook

When a task verification is submitted, a webhook is sent to notify external systems about the verification details and status.

Endpoint Configuration

The webhook endpoint and authentication are configured through environment variables:

VERIFICATION_WEBHOOK_URL: The URL where the verification webhook will be sent
VERIFICATION_WEBHOOK_SECRET: The secret token used for webhook authentication

Request Details

Method: POST

Headers:

Content-Type: application/json
Authorization: Bearer ${VERIFICATION_WEBHOOK_SECRET}

Payload Structure

The webhook sends a JSON payload with the following structure:

const webhookData = {
  // Verification Information
  verification_id: string, // MongoDB ObjectId of the verification
  user_id: string, // MongoDB ObjectId of the user
  user_email: string | null, // Email of the user who submitted
  claim_id: string, // MongoDB ObjectId of the claim
  task_id: string, // MongoDB ObjectId of the task
  approved: boolean, // Whether verification is approved
  rejected: boolean, // Whether verification is rejected
  rejected_reason: string | null, // Reason for rejection if rejected
  reviewed: boolean, // Whether verification is reviewed
  started: boolean, // Whether verification is started
  started_at: DateTime | null, // When verification was started
  submitted: boolean, // Whether verification is submitted
  submitted_at: DateTime | null, // When verification was submitted
  text: string | null, // Text content if any
  link: string | null, // Link content if any
  lat: number | null, // Latitude if location provided
  long: number | null, // Longitude if location provided
  created_at: DateTime, // Creation timestamp
  updated_at: DateTime, // Last update timestamp

  // Media Assets
  assets: Array<{
    caption: string | null; // Asset caption
    duration: number; // Duration for video/audio
    exif: string; // EXIF data for images
    height: number; // Asset height
    media_subtypes: string[]; // Media subtypes
    media_type: string; // Media type
    uri: string; // Asset URI/URL
    width: number; // Asset width
    created_at: DateTime; // Asset creation timestamp
    updated_at: DateTime; // Asset update timestamp
  }>,

  // Survey Responses
  survey_responses: Array<{
    field_id: string; // Survey field ID
    response: string; // User's response
    created_at: DateTime; // Response creation timestamp
    updated_at: DateTime; // Response update timestamp
  }>,

  // Associated Claim
  claim:
    {
      id: string, // MongoDB ObjectId of the claim
      completed: boolean, // Whether claim is completed
      completed_at: DateTime | null, // When claim was completed
      submitted: boolean, // Whether claim is submitted
      submitted_at: DateTime | null, // When claim was submitted
      opportunity:
        {
          // Associated opportunity
          id: string, // MongoDB ObjectId of the opportunity
          name: string, // Opportunity name
          one_line_description: string, // Short description
          image: string | null, // Opportunity image URL
        } | null,
    } | null,
};

Success Response

A successful webhook call will receive a 2XX response. Any other response code indicates a failure.

Error Handling

The webhook implementation includes error handling:

Network errors are caught and logged
Non-200 responses are logged with their error message
Webhook failures do not prevent verification processing
All errors are logged but don't block the verification process

Example Usage

try {
  const webhookResponse = await fetch(process.env.VERIFICATION_WEBHOOK_URL, {
    method: "POST",
    headers: {
      "Content-Type": "application/json",
      Authorization: `Bearer ${process.env.VERIFICATION_WEBHOOK_SECRET}`,
    },
    body: JSON.stringify(webhookData),
  });

  if (!webhookResponse.ok) {
    console.error(
      "Verification webhook call failed:",
      await webhookResponse.text()
    );
  }
} catch (error) {
  console.error("Error calling verification webhook:", error);
}

Security

The webhook uses Bearer token authentication
All communication should be over HTTPS
The webhook secret should be kept secure and rotated periodically
The webhook endpoint should validate the Bearer token
Consider implementing webhook signature validation for additional security

Claim Completion Webhook

When a claim is completed and all verifications are approved, a webhook is sent to notify external systems about the successful claim completion.

Claim Completion Endpoint Configuration

The webhook endpoint and authentication are configured through environment variables:

WEBHOOK_URL: The URL where the webhook will be sent
WEBHOOK_SECRET: The secret token used for webhook authentication

Claim Completion Request Details

Method: POST

Headers:

Content-Type: application/json
Authorization: Bearer ${WEBHOOK_SECRET}

Claim Completion Payload Structure

The webhook sends a JSON payload with the following structure:

const webhookData = {
  // Claim Information
  claim_id: string,                    // MongoDB ObjectId of the claim
  verifications: TaskVerification[],   // Array of task verifications
  completed: boolean,                  // Whether the claim is completed
  completed_at: DateTime | null,       // When the claim was completed
  created_at: DateTime,                // When the claim was created
  purchase_amount: number | null,      // Purchase amount if applicable
  rejected: boolean,                   // Whether the claim was rejected
  submitted: boolean,                  // Whether the claim was submitted
  submitted_at: DateTime | null,       // When the claim was submitted
  updated_at: DateTime,                // Last update timestamp
  user_id: string,                     // MongoDB ObjectId of the user
  user_email: string,                  // Email of the user who made the claim
  opportunity_id: string | null,       // MongoDB ObjectId of the opportunity
  opportunity_location_id: string | null, // MongoDB ObjectId of the opportunity location

  // Opportunity Information (null if no opportunity associated)
  opportunity: {
    id: string,                        // MongoDB ObjectId of the opportunity
    active: boolean | null,            // Whether the opportunity is active
    available_anywhere: boolean | null, // Whether it's available anywhere
    reward: Reward | null,             // Associated reward details
    tasks: Task[],                     // Array of tasks
    boost: boolean | null,             // Whether it's boosted
    budget: number | null,             // Budget amount
    created_at: DateTime,              // Creation timestamp
    currency: string | null,           // Currency code
    detailed_description: string | null, // Detailed description
    draft: boolean | null,             // Whether it's a draft
    end_date: DateTime,                // End date
    gift: boolean | null,              // Whether it's a gift
    image: string | null,              // Image URL
    instance_limit: number | null,     // Instance limit
    location_dependent: boolean | null, // Whether it's location dependent
    location_tag_ids: string[],        // Array of location tag ObjectIds
    location_limit: number | null,     // Location limit
    name: string,                      // Opportunity name
    one_line_description: string,      // Short description
    perpetual: boolean | null,         // Whether it's perpetual
    start_date: string | null,         // Start date
    targeted: boolean | null,          // Whether it's targeted
    type: OpportunityType | null,      // Opportunity type
    updated_at: DateTime,              // Last update timestamp
    video: string | null,              // Video URL
    completed: boolean,                // Whether it's completed
    view_counter: number[],            // View count array
    click_counter: number[],           // Click count array
    save_counter: number[],            // Save count array
    counter_start_date: DateTime | null, // Counter start date
    tags: string[]                     // Array of tag ObjectIds
  } | null
}

Claim Completion Success Response

A successful webhook call will receive a 2XX response. Any other response code indicates a failure.

Claim Completion Error Handling

The webhook implementation includes error handling:

Network errors are caught and logged
Non-200 responses are logged with their error message
Webhook failures do not prevent reward generation
All errors are logged but don't block the claim process

Claim Completion Example Usage

try {
  const webhookResponse = await fetch(process.env.WEBHOOK_URL, {
    method: "POST",
    headers: {
      "Content-Type": "application/json",
      Authorization: `Bearer ${process.env.WEBHOOK_SECRET}`,
    },
    body: JSON.stringify(webhookData),
  });

  if (!webhookResponse.ok) {
    console.error("Webhook call failed:", await webhookResponse.text());
  }
} catch (error) {
  console.error("Error calling webhook:", error);
}

Claim Completion Security

The webhook uses Bearer token authentication
All communication should be over HTTPS
The webhook secret should be kept secure and rotated periodically
The webhook endpoint should validate the Bearer token
Consider implementing webhook signature validation for additional security

Reward Webhook

When a reward is generated after a successful claim completion, a webhook is sent to notify external systems about the reward details.

Reward Endpoint Configuration

The webhook endpoint and authentication are configured through environment variables:

REWARD_WEBHOOK_URL: The URL where the reward webhook will be sent
REWARD_WEBHOOK_SECRET: The secret token used for webhook authentication

Reward Request Details

Method: POST

Headers:

Content-Type: application/json
Authorization: Bearer ${REWARD_WEBHOOK_SECRET}

Reward Payload Structure

The webhook sends a JSON payload with the following structure:

const webhookData = {
  // Reward Information
  reward_id: string,                   // MongoDB ObjectId of the reward
  type: RewardType,                    // Type of reward (Voucher, CouponFixed, etc.)
  description: string | null,          // Reward description
  restrictions: string | null,         // Any restrictions on the reward
  expiration_days: number,             // Number of days until expiration

  // Rank-based Information
  rank_based: boolean,                 // Whether reward is rank-based
  amount_bronze: number | null,        // Amount for Bronze rank
  amount_silver: number | null,        // Amount for Silver rank
  amount_gold: number | null,          // Amount for Gold rank
  amount_platinum: number | null,      // Amount for Platinum rank

  // SKU Information
  sku_bronze: string | null,           // SKU for Bronze rank
  sku_silver: string | null,           // SKU for Silver rank
  sku_gold: string | null,             // SKU for Gold rank
  sku_platinum: string | null,         // SKU for Platinum rank

  // Redemption Location Information
  redemption_tags: Array<{             // Redemption location tags
    id: string,                        // Tag ID
    name: string,                      // Tag name
    description: string                // Tag description
  }>,
  eligible_locations: Array<any>,      // Eligible redemption locations
  has_direct_locations: boolean,       // Whether there are direct locations
  has_tag_based_locations: boolean,    // Whether there are tag-based locations

  // Coupon Information (always included)
  coupon: {
    id: string,                        // MongoDB ObjectId of the coupon
    amount: number | null,             // Amount for fixed coupons
    coupon_type: CouponType | null,    // Type of coupon (Fixed, Percentage, Custom)
    percentage: number | null,         // Percentage for percentage coupons
    expires: Date,                     // Expiration date
    description: string | null,        // Coupon description
    restrictions: string | null,       // Coupon restrictions
    image: string | null               // Coupon image URL
  },

  // User Information
  user: {
    id: string,                        // MongoDB ObjectId of the user
    email: string,                     // User's email address
    username: string | null,           // User's username
    rank: Rank                         // User's rank (Bronze, Silver, etc.)
  },

  // Claim Information
  claim: {
    id: string,                        // MongoDB ObjectId of the claim
    completed: boolean,                // Whether claim is completed
    completed_at: Date,                // When claim was completed
    created_at: Date,                  // When claim was created
    submitted: boolean,                // Whether claim was submitted
    submitted_at: Date | null,         // When claim was submitted
    verifications: Array<{             // Array of verification statuses
      id: string,                      // Verification ID
      approved: boolean,               // Whether verification was approved
      rejected: boolean,               // Whether verification was rejected
      rejected_reason: string | null,  // Reason for rejection if any
      submitted: boolean,              // Whether verification was submitted
      submitted_at: Date | null,       // When verification was submitted
      purchase_amount: number | null   // Purchase amount if applicable
    }>
  },

  // Opportunity Information
  opportunity: {
    id: string,                        // MongoDB ObjectId of the opportunity
    name: string,                      // Opportunity name
    one_line_description: string,      // Short description
    detailed_description: string | null, // Detailed description
    image: string | null               // Opportunity image URL
  }
}

Reward Success Response

A successful webhook call will receive a 2XX response. Any other response code indicates a failure.

Reward Error Handling

The webhook implementation includes error handling:

Network errors are caught and logged
Non-200 responses are logged with their error message
Webhook failures do not prevent reward generation
All errors are logged but don't block the reward process

Reward Example Usage

try {
  const webhookResponse = await fetch(process.env.REWARD_WEBHOOK_URL, {
    method: "POST",
    headers: {
      "Content-Type": "application/json",
      Authorization: `Bearer ${process.env.REWARD_WEBHOOK_SECRET}`,
    },
    body: JSON.stringify(webhookData),
  });

  if (!webhookResponse.ok) {
    console.error("Reward webhook call failed:", await webhookResponse.text());
  }
} catch (error) {
  console.error("Error calling reward webhook:", error);
}

Reward Security

The webhook uses Bearer token authentication
All communication should be over HTTPS
The webhook secret should be kept secure and rotated periodically
The webhook endpoint should validate the Bearer token
Consider implementing webhook signature validation for additional security

External Coupon Redemption Webhook

When an external coupon is redeemed by a user, a webhook is sent to the configured external system to handle the redemption process.

Endpoint Configuration

The webhook endpoint is configured at the shop level via the Shop.webhookUrls array in the database. The system will select the first URL in this list that matches a coupon-specific pattern (e.g., contains "coupon"). The authentication is configured through environment variables:

EXTERNAL_COUPON_WEBHOOK_SECRET: The secret token used for webhook authentication

Request Details

Method: POST

Headers:

Content-Type: application/json
Authorization: Bearer ${EXTERNAL_COUPON_WEBHOOK_SECRET}

Payload Structure

The webhook sends a JSON payload with the following structure:

const webhookPayload = {
  // Coupon Information
  coupon_id: string, // MongoDB ObjectId of the coupon being redeemed
  user_id: string, // MongoDB ObjectId of the user redeeming the coupon

  // User Information
  user: {
    id: string, // MongoDB ObjectId of the user
    username: string, // User's username
    email: string, // User's email address
  },

  // Coupon Details
  coupon: {
    id: string, // MongoDB ObjectId of the coupon
    coupon_type: CouponType, // Type of coupon (Fixed, Percentage, Custom)
    amount: number | null, // Amount for fixed coupons (in cents)
    percentage: number | null, // Percentage for percentage coupons
    description: string | null, // Coupon description
    expires: Date, // Expiration date
    restriction: string | null, // Coupon restrictions
  },

  // Metadata
  timestamp: string, // ISO timestamp of redemption
};

Expected Response

The external webhook endpoint should return a JSON response with the following structure:

{
  success: boolean,                    // Whether the redemption was successful
  message?: string,                    // Optional message to display to the user
  instructions?: string,               // Optional instructions for the user
  externalId?: string,                 // Optional external reference ID
  data?: any                          // Optional additional data
}

Error Handling

If the webhook returns a non-2xx status code, the redemption will fail
The coupon will not be marked as redeemed if the webhook fails
Error messages from the webhook will be logged server-side
Users will receive a generic error message if the webhook fails

Implementation Example

// Example webhook endpoint implementation
app.post("/webhook/coupon-redemption", (req, res) => {
  const { coupon_id, user_id, user, coupon, timestamp } = req.body;

  // Validate the Bearer token
  const authHeader = req.headers.authorization;
  if (!authHeader || !authHeader.startsWith("Bearer ")) {
    return res.status(401).json({ error: "Unauthorized" });
  }

  const token = authHeader.substring(7);
  if (token !== process.env.EXTERNAL_COUPON_WEBHOOK_SECRET) {
    return res.status(401).json({ error: "Invalid token" });
  }

  try {
    // Process the coupon redemption in your external system
    const result = await processExternalCouponRedemption({
      coupon_id,
      user_id,
      user,
      coupon,
      timestamp,
    });

    // Return success response
    res.json({
      success: true,
      message: "Coupon redeemed successfully!",
      instructions: "Present this confirmation at checkout.",
      externalId: result.id,
    });
  } catch (error) {
    console.error("Error processing coupon redemption:", error);
    res.status(500).json({
      success: false,
      error: "Failed to process coupon redemption",
    });
  }
});

Security

The webhook uses Bearer token authentication
All communication should be over HTTPS
The webhook secret should be kept secure and rotated periodically
The webhook endpoint should validate the Bearer token
Consider implementing webhook signature validation for additional security

External Voucher Redemption Webhook

When an external voucher is redeemed by a user, a webhook is sent to the configured external system to handle the redemption process.

Endpoint Configuration

The webhook endpoint is configured at the shop level via the Shop.webhookUrls array in the database. The system will select the first URL in this list that matches a voucher-specific pattern (e.g., contains "voucher"). The authentication is configured through environment variables:

EXTERNAL_VOUCHER_WEBHOOK_SECRET: The secret token used for webhook authentication

Request Details

Method: POST

Headers:

Content-Type: application/json
Authorization: Bearer ${EXTERNAL_VOUCHER_WEBHOOK_SECRET}

Payload Structure

The webhook sends a JSON payload with the following structure:

const webhookPayload = {
  // Voucher Information
  voucher_id: string, // MongoDB ObjectId of the voucher being redeemed
  user_id: string, // MongoDB ObjectId of the user redeeming the voucher

  // User Information
  user: {
    id: string, // MongoDB ObjectId of the user
    username: string, // User's username
    email: string, // User's email address
  },

  // Voucher Details
  voucher: {
    id: string, // MongoDB ObjectId of the voucher
    text: string, // Voucher text/title
    amount: number | null, // Amount for value vouchers (in cents)
    description: string | null, // Voucher description
    expires: Date, // Expiration date
    restriction: string | null, // Voucher restrictions
  },

  // Metadata
  timestamp: string, // ISO timestamp of redemption
};

Expected Response

The external webhook endpoint should return a JSON response with the following structure:

{
  success: boolean,                    // Whether the redemption was successful
  message?: string,                    // Optional message to display to the user
  instructions?: string,               // Optional instructions for the user
  externalId?: string,                 // Optional external reference ID
  data?: any                          // Optional additional data
}

Error Handling

If the webhook returns a non-2xx status code, the redemption will fail
The voucher will not be marked as redeemed if the webhook fails
Error messages from the webhook will be logged server-side
Users will receive a generic error message if the webhook fails

Implementation Example

// Example webhook endpoint implementation
app.post("/webhook/voucher-redemption", (req, res) => {
  const { voucher_id, user_id, user, voucher, timestamp } = req.body;

  // Validate the Bearer token
  const authHeader = req.headers.authorization;
  if (!authHeader || !authHeader.startsWith("Bearer ")) {
    return res.status(401).json({ error: "Unauthorized" });
  }

  const token = authHeader.substring(7);
  if (token !== process.env.EXTERNAL_VOUCHER_WEBHOOK_SECRET) {
    return res.status(401).json({ error: "Invalid token" });
  }

  try {
    // Process the voucher redemption in your external system
    const result = await processExternalVoucherRedemption({
      voucher_id,
      user_id,
      user,
      voucher,
      timestamp,
    });

    // Return success response
    res.json({
      success: true,
      message: "Voucher redeemed successfully!",
      instructions: "Present this confirmation at the store.",
      externalId: result.id,
    });
  } catch (error) {
    console.error("Error processing voucher redemption:", error);
    res.status(500).json({
      success: false,
      error: "Failed to process voucher redemption",
    });
  }
});

Security

The webhook uses Bearer token authentication
All communication should be over HTTPS
The webhook secret should be kept secure and rotated periodically
The webhook endpoint should validate the Bearer token
Consider implementing webhook signature validation for additional security

Need Help?

Contact Legion Hand Technologies support for assistance with widget integration or webhook configuration.

[email protected]