Iframe Launch
Embed Phoenix prediction markets in an operator page
The Phoenix Prediction iframe is the prediction-market application that runs inside your site. Your page controls where it appears. Phoenix controls the market UI inside the frame.
Most integrations should use the Host SDK - it builds this iframe for you (with the correct sandbox + security), and turns the bridge into typed methods and events. This page documents the underlying URL + iframe if you prefer to build it by hand.
URL Shape
https://embed.prediction.phoenixverse.io/o/{operator_code}?token={JWT}&view=feed| Part | Meaning |
|---|---|
{operator_code} | Your Phoenix Prediction operator code, for example acme. May also be passed as ?operator=acme instead of the /o/{code} path |
token | A short-lived visitor or player launch JWT minted by your backend (required) |
token is the only required parameter. Everything else (the initial view, parent origin, sizing, density, and the appearance seeds) is optional and is documented in URL Parameters below.
Phoenix will provide the final host for each environment.
Basic Embed
<iframe
src="https://embed.prediction.phoenixverse.io/o/acme?token=JWT"
style="width: 100%; height: 720px; border: 0"
></iframe>This default mode works well when your page owns the frame size and the Phoenix Prediction iframe scrolls internally.
Recommended Attributes
<iframe
id="phoenix-prediction-embed"
title="Prediction markets"
src="https://embed.prediction.phoenixverse.io/o/acme?token=JWT&parent_origin=https%3A%2F%2Fwww.acme.example"
style="width: 100%; min-height: 720px; border: 0"
sandbox="allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox allow-forms"
allow="clipboard-write; fullscreen"
></iframe>allow-same-origin is required - the embed needs its own origin for session storage and socket auth - and is safe because the embed is a different origin than your page.
Keep the iframe source on HTTPS in every public environment. Do not place Phoenix Prediction launch tokens in logs, analytics URLs, or third-party tracking events.
Visitor and Player Launches
You can launch the iframe in two modes:
| Mode | Use when | Allowed behavior |
|---|---|---|
| Visitor | User is not logged in, or you want browse-first UX | Feed, categories, listing detail, public comments |
| Player | User is authenticated on your site | Order placement, positions, comments, player-specific state |
When a visitor triggers a player-only action, the iframe emits an auth.requested event. Your site logs the user in, mints a player token, and sends it back (embed.setToken(token) with the SDK, or a setToken command). See the Host SDK.
URL Parameters
The iframe URL carries only per-launch knobs. Operator-fixed identity, branding, legal, currencies, and the allowed parent origins live on your operator account and are served by GET /embed/api/config. Per-user UI policy (for example deposit or profile button visibility) is carried in the signed launch token's cfg claim, not in the URL.
| Param | Meaning |
|---|---|
token | Short-lived visitor or player launch JWT (required) |
operator | Operator code, alternative to the /o/{code} path segment |
parent_origin | The exact origin of the host page, URL-encoded, for postMessage targeting |
view | Initial view: feed, portfolio, leaderboard, activity, or listing |
listing | Listing slug, required when view=listing |
sizing | container (default) or auto. See Sizing |
density | comfortable (default) or compact |
Appearance Seeds
The iframe derives its full theme from a handful of seed params. Pass the ones you need; each one defaults to the Phoenix palette when omitted.
| Param | Meaning |
|---|---|
mode | light, dark, or auto |
accent | Primary brand / accent color seed |
secondary | Secondary brand color seed - tints a small highlight (a promo / boost surface). Defaults to the accent |
radius | Corner radius, 0 to 1 |
neutralHue | Neutral surface hue, 0-360. Lets a warm accent sit on a cool surface (e.g. a gold accent on a navy UI). Defaults to the accent's hue |
neutralChroma | How strongly the surfaces carry neutralHue (a small number, e.g. 0.02). Defaults to the Phoenix ramp |
cb | Colorblind palette, 1 or true to enable |
yes | Color seed for the Yes / up side |
no | Color seed for the No / down side |
font | Brand font family name (loaded from Google Fonts) |
fontUrl | A self-hosted font file URL (HTTPS) for the brand family; pair with font as the family name |
Seeds are cosmetic and contrast-safe by construction - the embed derives the full palette and clamps it to legible contrast, so no combination can produce an unreadable UI. font/fontUrl must be HTTPS; a font that fails to load falls back to the Phoenix font.
You can re-theme at runtime without reloading the iframe with the setTheme command. The brand logo and wordmark are set the same way, via setBranding (they are not URL params). See the Host SDK.
Initial View
You can ask the iframe to open a specific view:
?view=feed
?view=portfolio
?view=listing&listing=btc-daily-closeIf no view is supplied, the iframe opens the feed.