Public widget API
Published widgets are fetched by consuming applications through an unauthenticated public endpoint secured by a token and published key.
Endpoint
GET /api/v1/c/widget/get?token={token}&publishedKey={publishedKey}Parameters
| Parameter | Required | Description |
|---|---|---|
token | Yes | App project environment token from …/app-project-env-tokens. Must be enabled. |
publishedKey | Yes | Unique key for the published widget snapshot in staging or production. Shown in the UI after publishing. |
Response
Successful responses return:
{
"success": true,
"data": {
"widget": {
"publishedKey": "...",
"name": "...",
"version": "1.0.0",
"environmentName": "Staging",
"itemList": { "rows": [ ... ] },
"tagName": "optional release tag",
"tagDescription": "optional notes",
"lastPublishedAt": "ISO-8601 timestamp"
},
"childCollections": {
"Collection_key$publishedKey@parentKey": { ... }
}
}
}childCollections includes published embedded and shared collections referenced by the widget, resolved for the token's team and environment.
Validation rules
- Token must exist and be enabled.
- Published widget must belong to the same team and environment as the token.
- Only GET is supported on this endpoint.
Embed surfaces
RuleCMS also provides hosted render routes for testing and embedding:
/render— render a published widget in a browser
Getting your token and published key
- Publish a widget to staging or production (see Publishing).
- Copy the published key from the publish confirmation or published widget detail page.
- Open
…/app-project-env-tokensfor the matching app and environment. Copy the token value (keep it secret). - Call the API from your server or client according to your security model. Prefer server-side token usage when possible.
Published key formats
Shared resources use {environmentId}---{resourceKey}. Embedded collections append an instance id: {environmentId}---{key}___{collectionId}. See Collections and Publishing for how keys appear in itemList references.
Authenticated API: All management APIs under
/api/v1/d/* require a Cognito bearer token from a signed-in RuleCMS user. They are not part of the public customer integration surface.