
Architecture Overview

Sticker’s embedded integration follows a simple but secure architecture that keeps your users authenticated across both platforms while providing a seamless ordering experience.

Integration Components

Backend Integration

Two API endpoints to implement on your backend server

Frontend Embedding

iframe component to display Sticker in your UI

Webhook Listeners

Optional webhooks to receive order status updates

User Management

Automatic provisioning and profile synchronization

Integration Flows

One-Time Setup Flow

This flow happens once when a customer enables the supplies module:
  1. Customer Enables Module: A customer clicks “Enable Supplies” in your platform.
  2. Collect Organization Data: Gather organization details and the user list from your system.
  3. Call Organization Setup API: Send organization and user data to Sticker’s API (POST /api/partner/organization-setup).
  4. Store Partner Org ID: Save the returned profile ID to link future requests.
  5. Enable Supplies UI: Show the supplies module option in your platform’s navigation.

Per-Session Authentication Flow

This flow happens every time a user opens the supplies module:
  1. User Clicks Supplies: The user navigates to the supplies section in your platform.
  2. Identify User: Get the current user’s information from your auth system.
  3. Call Handshake API: Send user details to receive a session token (POST /api/partner/handshake).
  4. Embed iframe: Display the iframe with the session token in the URL.
  5. User Shops: The user browses, adds to cart, and completes checkout—all within your platform.

Integration Methods

Sticker supports two integration methods depending on your platform’s capabilities:

Method 1: OAuth Integration

Best for platforms with OAuth capabilities. Sticker automatically syncs organization data. Benefits:
  • Automatic data synchronization
  • Real-time updates to user profiles and addresses
  • Reduced maintenance burden
  • Better data consistency
Requirements:
  • OAuth 2.0 provider endpoint
  • User authorization flow
  • Token refresh mechanism
OAuth integration is ideal for platforms where organization data changes frequently, such as practice addresses or user roles.

Method 2: Manual Data Push

Best for platforms without OAuth. You manually send organization data to Sticker. Benefits:
  • Simpler to implement
  • Full control over data sent
  • No OAuth infrastructure required
Requirements:
  • Structured organization data
  • User list with email addresses
  • Address information
Manual data push is perfect for getting started quickly. You can always upgrade to OAuth later.

Data Models

Organization Structure

interface Organization {
  name: string;                    // Organization name
  email: string;                   // Primary contact email
  phone?: string;                  // Primary phone number
  addresses: Address[];            // Shipping/billing addresses
  partner_org_id: string;          // Your internal org ID
}

interface Address {
  line1: string;                   // Street address
  line2?: string;                  // Apt, Suite, etc.
  city: string;                    // City
  state: string;                   // State/Province (2-letter code)
  zip: string;                     // Postal code
  country: string;                 // Country (2-letter code)
  is_primary: boolean;             // Default shipping address
}

User Structure

interface User {
  email: string;                   // User's email (unique identifier)
  first_name: string;              // First name
  last_name: string;               // Last name
  role?: 'admin' | 'member';       // User role in organization
}
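The interfaces above describe the shape of the data, but a malformed payload (two primary addresses, a duplicate user email, a free-text state name) is easier to catch on your side than to debug after a failed organization-setup call. The following validator is an added example, not Sticker's own code; the specific rules it enforces (exactly one primary address, case-insensitive unique emails, upper-case 2-letter codes) are assumptions about what the models imply, since the page does not document Sticker's server-side validation. The sample organization and users at the bottom are constructed data.

```typescript
// Added example (not Sticker's code): pre-flight validation of an Organization
// payload and its user list against the data models documented on this page.

interface Address {
  line1: string;
  line2?: string;
  city: string;
  state: string;     // 2-letter code
  zip: string;
  country: string;   // 2-letter code
  is_primary: boolean;
}

interface User {
  email: string;     // unique identifier
  first_name: string;
  last_name: string;
  role?: 'admin' | 'member';
}

interface Organization {
  name: string;
  email: string;
  phone?: string;
  addresses: Address[];
  partner_org_id: string;
}

const TWO_LETTER = /^[A-Z]{2}$/;
// Deliberately loose: only rejects strings that cannot be an email address.
const EMAIL = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

function nonEmpty(v: unknown): v is string {
  return typeof v === 'string' && v.trim().length > 0;
}

// Returns a list of human-readable problems; an empty list means the payload
// is safe to send. Assumed rules: exactly one is_primary address, unique
// user emails (case-insensitive), upper-case 2-letter state/country codes.
export function validateOrganization(org: Organization, users: User[]): string[] {
  const errors: string[] = [];

  if (!nonEmpty(org.name)) errors.push('name is required');
  if (!nonEmpty(org.partner_org_id)) errors.push('partner_org_id is required');
  if (!EMAIL.test(org.email)) errors.push('email is not a valid address');

  if (org.addresses.length === 0) errors.push('at least one address is required');
  org.addresses.forEach((a, i) => {
    if (!nonEmpty(a.line1) || !nonEmpty(a.city) || !nonEmpty(a.zip)) {
      errors.push(`addresses[${i}]: line1, city and zip are required`);
    }
    if (!TWO_LETTER.test(a.state)) errors.push(`addresses[${i}].state must be a 2-letter code`);
    if (!TWO_LETTER.test(a.country)) errors.push(`addresses[${i}].country must be a 2-letter code`);
  });
  const primaries = org.addresses.filter((a) => a.is_primary).length;
  if (primaries !== 1) errors.push(`exactly one address must be is_primary (found ${primaries})`);

  // email is the unique identifier for a user, so a repeated address (in any
  // letter case) would collide when Sticker provisions the account.
  const seen = new Set<string>();
  users.forEach((u, i) => {
    const key = u.email.trim().toLowerCase();
    if (!EMAIL.test(u.email)) errors.push(`users[${i}].email is not a valid address`);
    else if (seen.has(key)) errors.push(`users[${i}].email duplicates an earlier user`);
    seen.add(key);
    if (!nonEmpty(u.first_name) || !nonEmpty(u.last_name)) {
      errors.push(`users[${i}]: first_name and last_name are required`);
    }
    if (u.role !== undefined && !['admin', 'member'].includes(u.role as string)) {
      errors.push(`users[${i}].role must be admin or member`);
    }
  });

  return errors;
}

// Constructed sample data (not a real customer) for a quick run.
export const sampleOrg: Organization = {
  name: 'Northside Dental Group',
  email: 'office@northside-dental.example',
  phone: '+1-555-0100',
  partner_org_id: 'org_8841',
  addresses: [
    { line1: '120 Main St', line2: 'Suite 4', city: 'Boston', state: 'MA', zip: '02101', country: 'US', is_primary: true },
    { line1: '9 Harbor Rd', city: 'Salem', state: 'MA', zip: '01970', country: 'US', is_primary: false },
  ],
};

export const sampleUsers: User[] = [
  { email: 'dr.patel@northside-dental.example', first_name: 'Priya', last_name: 'Patel', role: 'admin' },
  { email: 'j.ortiz@northside-dental.example', first_name: 'Jon', last_name: 'Ortiz', role: 'member' },
];
```

Run the validator before the organization-setup call in the one-time setup flow and refuse to send a payload that returns any errors; surfacing the list to an administrator is far cheaper than a half-provisioned organization.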

Security Considerations

All API requests require your Partner API Key in the Authorization header. Never expose this key in client-side code.
Handshake requests must be signed with HMAC-SHA256 using your API key to prevent tampering.
Session tokens expire after 5 minutes and are single-use only, ensuring each user session is properly authenticated.
The embedded iframe runs in a sandboxed environment with limited permissions for security.
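The per-session flow above and the signing requirement here meet in one place: the backend builds the handshake body, signs it with HMAC-SHA256 keyed by the Partner API Key, and only then sends it. The code below is an added example, not Sticker's code. The page does not specify how the signature is transported or canonicalised, so the header name X-Signature, the hex encoding, the Bearer scheme for the Authorization header and "sign the exact JSON string that is sent" are all assumptions. The verify function shows the receiver-side check with a constant-time comparison, which is what a partner would also use if it ever validates signed callbacks.

```typescript
import { createHmac, timingSafeEqual } from 'node:crypto';
import { Buffer } from 'node:buffer';

// Added example, not Sticker's own code. Assumptions (not stated on the page):
// the HMAC covers the exact JSON body string that is sent, the hex digest is
// carried in an "X-Signature" header, and the Partner API Key is sent as a
// Bearer token in the Authorization header.

interface HandshakeUser {
  email: string;
  first_name: string;
  last_name: string;
  role?: 'admin' | 'member';
}

interface SignedRequest {
  path: string;
  headers: Record<string, string>;
  body: string;
}

const HEX_SHA256 = /^[0-9a-f]{64}$/i;

// HMAC-SHA256 over the raw body bytes, keyed with the Partner API Key.
export function signBody(body: string, apiKey: string): string {
  return createHmac('sha256', apiKey).update(body, 'utf8').digest('hex');
}

// Receiver-side check. The format is validated and lengths compared first
// because timingSafeEqual throws on unequal lengths; the comparison itself is
// constant-time, so a caller cannot learn how many leading bytes of a guessed
// signature matched.
export function verifyBody(body: string, apiKey: string, signature: string): boolean {
  if (!HEX_SHA256.test(signature)) return false;
  const expected = Buffer.from(signBody(body, apiKey), 'hex');
  const given = Buffer.from(signature, 'hex');
  return given.length === expected.length && timingSafeEqual(given, expected);
}

// Backend only: this needs the API key, which must never reach the browser.
export function buildHandshakeRequest(user: HandshakeUser, partnerOrgId: string, apiKey: string): SignedRequest {
  // Serialise exactly once and sign those bytes; re-serialising elsewhere can
  // reorder keys or change whitespace and invalidate the signature.
  const body = JSON.stringify({ partner_org_id: partnerOrgId, user });
  return {
    path: '/api/partner/handshake',
    headers: {
      'Content-Type': 'application/json',
      Authorization: `Bearer ${apiKey}`,     // assumed scheme
      'X-Signature': signBody(body, apiKey), // assumed header name
    },
    body,
  };
}
```

Send `body` as the request payload verbatim together with `headers`; do not let an HTTP client re-encode it. Because the session token returned by the handshake expires after 5 minutes and is single-use, request it at the moment the iframe is rendered rather than caching it per user.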

Rate Limiting

To ensure system stability, API requests are rate limited:
Endpoint              Rate Limit              Burst
Organization Setup    100 requests/hour       10 concurrent
Handshake             1,000 requests/hour     100 concurrent
Webhooks              N/A (inbound only)      N/A
If you exceed rate limits, you’ll receive a 429 Too Many Requests response. Implement exponential backoff for retries.
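A retry loop that hammers the API after a 429 only extends the throttling, so the backoff should grow exponentially, be capped, and be jittered so that many throttled clients do not retry in lockstep. The wrapper below is an added example, not Sticker's code; it assumes the request function resolves to an object with a numeric `status` and an optional `retryAfterSeconds` (populated from a Retry-After header if Sticker sends one, which the page does not state). The random source and sleep function are injectable so the behaviour can be tested deterministically.

```typescript
// Added example, not Sticker's code: retry on 429 with capped exponential
// backoff and full jitter, honouring a server-provided Retry-After if present.

export interface ResponseLike {
  status: number;
  retryAfterSeconds?: number; // assumption: parsed from a Retry-After header
}

export interface BackoffOptions {
  maxAttempts: number;            // total attempts including the first
  baseDelayMs: number;            // delay after the first 429
  maxDelayMs: number;             // cap so delays do not grow without bound
  random?: () => number;          // injectable for deterministic tests
  sleep?: (ms: number) => Promise<void>;
}

export interface BackoffResult<T> {
  response: T;    // the final response, which is still a 429 if we gave up
  attempts: number;
  delays: number[];
}

// Delay before retry n (n starts at 1): min(cap, base * 2^(n-1)) scaled by a
// random factor in [0, 1] ("full jitter").
export function backoffDelayMs(retry: number, base: number, cap: number, random: () => number): number {
  const exp = Math.min(cap, base * 2 ** (retry - 1));
  return Math.floor(exp * random());
}

export async function withBackoff<T extends ResponseLike>(
  request: () => Promise<T>,
  opts: BackoffOptions,
): Promise<BackoffResult<T>> {
  const random = opts.random ?? Math.random;
  const sleep = opts.sleep ?? ((ms: number) => new Promise<void>((r) => setTimeout(r, ms)));
  const delays: number[] = [];

  for (let attempt = 1; ; attempt++) {
    const response = await request();
    // Anything other than 429 is returned as-is (including 4xx/5xx errors the
    // caller must handle); a 429 on the last allowed attempt is also returned
    // so the caller can see that the budget was exhausted.
    if (response.status !== 429 || attempt >= opts.maxAttempts) {
      return { response, attempts: attempt, delays };
    }
    // A server-specified Retry-After wins over the computed backoff.
    const ms = response.retryAfterSeconds !== undefined
      ? response.retryAfterSeconds * 1000
      : backoffDelayMs(attempt, opts.baseDelayMs, opts.maxDelayMs, random);
    delays.push(ms);
    await sleep(ms);
  }
}
```

Keep `maxAttempts` small for the handshake, which sits on the interactive path: a user waiting for the iframe is better served by a clear error than by a minute of silent retries, while organization setup can afford a longer schedule.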

Environments

Sticker provides two environments for development and production:

Sandbox Environment

For development and testing:
API URL: https://sandbox.api.sticker.com
Web App: https://sandbox.app.sticker.com
API Key: sk_test_...
Features:
  • Test credit cards accepted
  • No real orders fulfilled
  • Unlimited API calls
  • Separate database from production

Production Environment

For live customer orders:
API URL: https://api.sticker.com
Web App: https://app.sticker.com
API Key: sk_live_...
Features:
  • Real payment processing
  • Actual order fulfillment
  • Rate limits enforced
  • Production SLA guarantees
Always test your integration thoroughly in sandbox before going to production. Contact support when ready to deploy.

Monitoring & Analytics

Track your integration’s health and usage:

API Dashboard

View API call volumes, error rates, and latencies

Order Analytics

Track orders placed through your integration

User Engagement

Monitor active users and session durations
Access your partner dashboard at: https://partners.sticker.com/dashboard

Support & Resources

Next Steps

Now that you understand the integration architecture, let’s dive into implementing each component: