Embedded Accounts
Learn how to make API calls on behalf of your embedded accounts as a Straddle platform
For Platforms building on Embed, you have the ability to make API calls on behalf of your embedded accounts. This guide will walk you through the process of adding the necessary information to your API calls to act on behalf of your connected accounts.
Overview
You can make API calls for your embedded accounts in two ways:
- Server-side using the
Straddle-Account-Id
header and the embedded account ID, per request - Client-side by passing the embedded account ID as an argument to the client library
To ensure optimal performance and reliability, Straddle has established rate limits and allocations for API endpoints. These limits apply collectively to all requests made on behalf of embedded accounts.
Server-Side Requests: Using the Straddle-Account-Id Header
For server-side API calls, you can make requests as embedded accounts using the special header Straddle-Account-Id
with the Straddle account identifier (prefixed with acct_
) of your platform user.
Example: Creating a Charge
Here’s an example that shows how to create a Charge with your platform’s API secret key and your user’s Account identifier:
Client-Side Requests
For client-side API calls, you can pass the embedded account ID as an argument when initializing the Straddle client. Here’s an example:
COMING SOON
Be cautious when using client-side requests for embedded accounts. Ensure that you’re not exposing sensitive information or granting unnecessary permissions to the client.
Best Practices
When making API requests for embedded accounts, keep these best practices in mind:
-
Use server-side requests when possible: This gives you more control over the API calls and keeps sensitive information secure.
-
Validate the embedded account ID: Before making a request on behalf of an embedded account, ensure that the account ID is valid and belongs to your platform.
-
Handle errors gracefully: Be prepared to handle errors that may occur when making requests for embedded accounts, such as account not found or insufficient permissions.
-
Monitor API usage: Keep track of the API calls made on behalf of your embedded accounts to ensure you’re within rate limits and to detect any unusual activity.
-
Use webhooks: Set up webhooks to receive real-time notifications about events related to your embedded accounts.
Rate Limits
Straddle applies rate limits to API requests to ensure fair usage and system stability. These limits apply collectively to all requests made by your platform, including those made on behalf of embedded accounts.
If you need higher rate limits for your platform, please contact Straddle support to discuss your requirements.
Conclusion
Making API requests on behalf of embedded accounts is a powerful feature that allows you to build sophisticated platforms on top of Straddle. By following the guidelines in this document, you can ensure that you’re making these requests correctly and securely.
For more information on specific API endpoints and how they behave when used with embedded accounts, refer to our API Reference documentation.