Published · Last updated
Embed Affiliate Signup
Add the Ambassly signup widget to your own site so a visitor can verify their email, join one affiliate program, and receive their referral link without leaving the page. The widget carries your program name and commission terms, follows the visitor's light or dark color scheme, and includes a small Powered by Ambassly footer.
Install the widget
Paste this snippet where you want the signup card to appear:
<script
src="https://ambassly.com/embed.js"
data-ambassly-config="SIGNED_PROGRAM_CONFIG"
async
></script>
Copy the complete snippet from the program card in your Ambassly dashboard. SIGNED_PROGRAM_CONFIG is a stable, signed value that binds your company to exactly one program. It contains public identifiers and a signature, never a database ID or signing secret. Editing the company or program portion makes the configuration fail verification.
The loader inserts the iframe immediately after the script tag. It derives the widget origin from its own src, verifies the signed configuration on Ambassly's server, and loads only the bound program.
Size and style
The iframe fills the width of its parent and reports its content height to the loader as the form changes. Control its width by wrapping the snippet:
<div style="max-width: 960px; margin: 0 auto;">
<script
src="https://ambassly.com/embed.js"
data-ambassly-config="SIGNED_PROGRAM_CONFIG"
async
></script>
</div>
The content inside the cross-origin iframe is intentionally isolated from your site's CSS. Your page controls the outer width and spacing; Ambassly controls the accessible form, colors, borders, and responsive two-panel layout inside it. The widget follows prefers-color-scheme automatically.
If your site has a Content Security Policy, allow both resources:
script-src https://ambassly.com
frame-src https://ambassly.com
Signup and approval settings
Public signup is off by default. Enable Public signup widget on the program card before publishing the snippet. Paused or archived programs, archived companies, expired trials, disabled signup settings, invalid signatures, and mismatched company/program configurations are rejected by both the widget page and its code endpoints.
The program's Auto-approve public signups setting controls the initial membership state:
- On — a verified visitor becomes an active affiliate immediately and can use the referral link shown by the widget.
- Off — the membership is created as invited and waits for you to click Approve beside that affiliate in the dashboard. No usable referral link is exposed while approval is pending.
Codes contain six digits, expire after about 10 minutes, and work once. Ambassly stores only a keyed hash of each code and transactionally rate-limits requests by email and hashed client IP; raw IP addresses are not retained. The send response does not reveal whether an affiliate identity already exists for an email address.
Re-enrolling the same verified email is idempotent: Ambassly reuses the affiliate identity and that program's existing membership and referral code. A signed configuration for one company cannot be altered to enroll someone into a different company's program.
Referral destination
Set the program's default destination URL before publishing the widget. After verification, Ambassly appends the affiliate's code as ?via=CODE while preserving any existing query parameters. For example:
https://merchant.example/pricing?plan=pro
becomes:
https://merchant.example/pricing?plan=pro&via=AFFILIATE_CODE
The visitor can copy that link from the widget and open the full Ambassly affiliate portal for detailed links, performance, commissions, and payouts.
The signup widget creates supply; the tracking snippet records demand. Keep a.js installed on the merchant destination so the ?via=CODE value is captured and forwarded into Stripe Checkout.
Browser security
The form runs inside an Ambassly-origin iframe, isolated from the host page's JavaScript and CSS. Enrollment API requests are accepted from the iframe's Ambassly origin, not from the merchant parent origin, and do not use browser credentials. The signed configuration is verified again for code delivery and verification; CORS is not treated as authorization.