Embed the widget in an iframe. It sends postMessage to window.parent when the flow finishes or the user clicks Close. Use postMessage for instant UX (dismiss your modal, show confirmation). Use webhooks for backend truth on async events.

<iframe src="https://tfr-sandbox.strgia.com/widget_session_…?token=…" allow="camera; microphone"></iframe>

Message shape

{
  "source": "lightspark-tfr-widget",
  "action": "complete",
  "outcome": "complete",
  "sessionId": "widget_session_01kvw9f9nvf26b4t4j87teamw9"
}

window.addEventListener("message", (e) => {
  if (e.data?.source !== "lightspark-tfr-widget") return;
  const { action, outcome, sessionId } = e.data;
  // action: "complete" | "close"
});

Validate e.origin in production.

Actions

complete — fires when a terminal screen appears (user has not clicked Close yet).

Outcome	Meaning
`complete`	Finished successfully
`in_review`	Submitted; compliance review pending
`expired`	Session expired
`rejected`	Rejected

close — fires when the user clicks Close.

Use sessionId to match the session on your backend. For async compliance results, rely on webhooks — not postMessage.