HomeDevelopersApp Platform

App Platform

Build embedded apps for WorkSkedge with JWT authentication, postMessage API, and secure iframe integration.

Introduction to the App Platform

The WorkSkedge App Platform enables developers to build embedded applications that run seamlessly within the WorkSkedge interface. Your apps are loaded in secure iframes with full access to user context, authentication tokens, and real-time communication.

Authentication & Security

All embedded apps use JWT token authentication. See the Authentication tab for comprehensive security guidance, token handling, and role-based access control.

Secure Authentication

JWT tokens with user context, company data, and role-based permissions.

Real-time Communication

Bidirectional postMessage API for seamless app-to-platform integration.

Built-in Testing

Dev Launcher with token inspection and custom URL testing.

Architecture Overview

Your app runs inside an iframe within WorkSkedge. The platform handles authentication, passes JWT tokens with user context, and provides a postMessage API for real-time communication.

┌─────────────────────────────────────────────────────────┐
│                    WorkSkedge Platform                  │
│                                                         │
│  1. User opens app → Platform generates JWT token       │
│  2. Token includes: userId, companyId, roles, etc.      │
│  3. Token passed via URL + postMessage                  │
│                                                         │
│  ┌───────────────────────────────────────────────────┐  │
│  │              Your Embedded App (iframe)           │  │
│  │                                                   │  │
│  │  1. Receive & decode JWT token                    │  │
│  │  2. Verify token on your server                   │  │
│  │  3. Access user data from token claims            │  │
│  │  4. Use postMessage for communication             │  │
│  └───────────────────────────────────────────────────┘  │
│                                                         │
│  ← postMessage: context updates, navigation, etc.       │
│  → postMessage: ready, notify, refresh, etc.            │
└─────────────────────────────────────────────────────────┘

Integration Comparison

Choose the right integration method for your use case:

Embedded AppsFull UI inside WorkSkedge · JWT tokens (1hr) · postMessage · Best for dashboards, forms, visualizations
REST APIExternal UI · API keys · Polling required · Best for integrations, data sync, automation
WebhooksNo UI · Webhook signatures · Push notifications · Best for event-driven workflows

Quick Start Workflow

1

Create Your App

Build a web application that accepts JWT tokens via URL parameters and postMessage.
2

Handle Authentication

Decode the JWT client-side to access user context, then verify it on your server.
3

Implement postMessage

Use the postMessage API to communicate with WorkSkedge for token updates and navigation.
4

Test with Dev Launcher

Use the built-in Dev Launcher to test your app with real tokens before going live.
5

Deploy & Install

Deploy your app to production and install it for your WorkSkedge company.

Requirements Checklist

  • A web server to host your application (any hosting platform).
  • HTTPS endpoint (required for secure iframe embedding).
  • JWT token verification logic (client-side and server-side).
  • postMessage event listeners for WorkSkedge communication.
  • Error handling for expired or invalid tokens.
  • Testing with Dev Launcher before production deployment.