Phoenix Prediction Docs

Iframe Launch

Embed Phoenix prediction markets in an operator page

The Phoenix Prediction iframe is the prediction-market application that runs inside your site. Your page controls where it appears. Phoenix controls the market UI inside the frame.

Most integrations should use the Host SDK - it builds this iframe for you (with the correct sandbox + security), and turns the bridge into typed methods and events. This page documents the underlying URL + iframe if you prefer to build it by hand.

URL Shape

https://embed.prediction.phoenixverse.io/o/{operator_code}?token={JWT}&view=feed
PartMeaning
{operator_code}Your Phoenix Prediction operator code, for example acme. May also be passed as ?operator=acme instead of the /o/{code} path
tokenA short-lived visitor or player launch JWT minted by your backend (required)

token is the only required parameter. Everything else (the initial view, parent origin, sizing, density, and the appearance seeds) is optional and is documented in URL Parameters below.

Phoenix will provide the final host for each environment.

Basic Embed

<iframe
  src="https://embed.prediction.phoenixverse.io/o/acme?token=JWT"
  style="width: 100%; height: 720px; border: 0"
></iframe>

This default mode works well when your page owns the frame size and the Phoenix Prediction iframe scrolls internally.

<iframe
  id="phoenix-prediction-embed"
  title="Prediction markets"
  src="https://embed.prediction.phoenixverse.io/o/acme?token=JWT&parent_origin=https%3A%2F%2Fwww.acme.example"
  style="width: 100%; min-height: 720px; border: 0"
  sandbox="allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox allow-forms"
  allow="clipboard-write; fullscreen"
></iframe>

allow-same-origin is required - the embed needs its own origin for session storage and socket auth - and is safe because the embed is a different origin than your page.

Keep the iframe source on HTTPS in every public environment. Do not place Phoenix Prediction launch tokens in logs, analytics URLs, or third-party tracking events.

Visitor and Player Launches

You can launch the iframe in two modes:

ModeUse whenAllowed behavior
VisitorUser is not logged in, or you want browse-first UXFeed, categories, listing detail, public comments
PlayerUser is authenticated on your siteOrder placement, positions, comments, player-specific state

When a visitor triggers a player-only action, the iframe emits an auth.requested event. Your site logs the user in, mints a player token, and sends it back (embed.setToken(token) with the SDK, or a setToken command). See the Host SDK.

URL Parameters

The iframe URL carries only per-launch knobs. Operator-fixed identity, branding, legal, currencies, and the allowed parent origins live on your operator account and are served by GET /embed/api/config. Per-user UI policy (for example deposit or profile button visibility) is carried in the signed launch token's cfg claim, not in the URL.

ParamMeaning
tokenShort-lived visitor or player launch JWT (required)
operatorOperator code, alternative to the /o/{code} path segment
parent_originThe exact origin of the host page, URL-encoded, for postMessage targeting
viewInitial view: feed, portfolio, leaderboard, activity, or listing
listingListing slug, required when view=listing
sizingcontainer (default) or auto. See Sizing
densitycomfortable (default) or compact

Appearance Seeds

The iframe derives its full theme from a handful of seed params. Pass the ones you need; each one defaults to the Phoenix palette when omitted.

ParamMeaning
modelight, dark, or auto
accentPrimary brand / accent color seed
secondarySecondary brand color seed - tints a small highlight (a promo / boost surface). Defaults to the accent
radiusCorner radius, 0 to 1
neutralHueNeutral surface hue, 0-360. Lets a warm accent sit on a cool surface (e.g. a gold accent on a navy UI). Defaults to the accent's hue
neutralChromaHow strongly the surfaces carry neutralHue (a small number, e.g. 0.02). Defaults to the Phoenix ramp
cbColorblind palette, 1 or true to enable
yesColor seed for the Yes / up side
noColor seed for the No / down side
fontBrand font family name (loaded from Google Fonts)
fontUrlA self-hosted font file URL (HTTPS) for the brand family; pair with font as the family name

Seeds are cosmetic and contrast-safe by construction - the embed derives the full palette and clamps it to legible contrast, so no combination can produce an unreadable UI. font/fontUrl must be HTTPS; a font that fails to load falls back to the Phoenix font.

You can re-theme at runtime without reloading the iframe with the setTheme command. The brand logo and wordmark are set the same way, via setBranding (they are not URL params). See the Host SDK.

Initial View

You can ask the iframe to open a specific view:

?view=feed
?view=portfolio
?view=listing&listing=btc-daily-close

If no view is supplied, the iframe opens the feed.