English Español Português (Brasil) Français Deutsch Italiano Română
Log in Start free trial

Widget embed reference

Every attribute the embed snippet accepts, what it does, and when to set it.

Most people only need the snippet copied from Settings → Chat → Embed snippet. This article documents every attribute for those who need to customize.

The default snippet

<script
  src="https://cdn.nura24.com/widget.js"
  data-key="ek_acme_xyz123"
  data-reverb-key="..."
  data-reverb-host="reverb.nura24.com"
  data-reverb-port="443"
  data-reverb-scheme="https"
  async></script>

Required attributes

data-key

Your workspace's embed key. Without it the widget script aborts on load — no UI, no chat. The key looks like ek_<subdomain>_<random>.

Regenerable from settings. When you regenerate, the old key stops working immediately — update every embed before regenerating.

src

The widget JavaScript URL. Always our CDN; don't host it yourself (we ship updates and bug fixes through it).

WebSocket attributes (optional but recommended)

These four go together. With them, the widget receives new messages via WebSocket instantly. Without them, it falls back to polling every 3 seconds.

data-reverb-key

The Reverb / Pusher app key for our WebSocket layer. Public information — it's safe to include in client-side HTML.

data-reverb-host

WebSocket server hostname. Typically reverb.nura24.com.

data-reverb-port

Port — 443 for production (TLS), 80 for plain WebSocket in dev environments.

data-reverb-scheme

https or http. Production should be https.

Other attributes

data-api

Override the chat API endpoint. Defaults to the script's origin + /api/chat. Almost no one needs this — it exists for proxy / debugging scenarios.

data-pusher-src

URL to load the Pusher SDK from. Defaults to https://cdn.jsdelivr.net/npm/pusher-js@8/dist/web/pusher.min.js. Override only if you need to bundle Pusher elsewhere for CSP reasons.

async

Standard HTML attribute. Always include — the widget doesn't need to block your page render.

What to put OUTSIDE the script tag

Nothing. Don't try to call our JavaScript API from your page. The widget is self-contained; opening / closing / setting visitor identity from outside isn't supported (planned but not built).

Loading on every page vs only some

You can put the snippet in your global template (header / footer template that every page includes), or only on specific pages. The widget remembers the visitor's session in localStorage, so the same conversation persists across pages.

CSP gotchas

Your Content Security Policy needs to allow:

  • cdn.nura24.com (script source).
  • Your Reverb host on ws:// or wss:// (connect source).
  • cdn.jsdelivr.net (Pusher SDK source — or wherever you've pointed data-pusher-src).

Specific CSP examples are in Widget embed setup.