What’s Changed?
The core change is ownership of the iframe. With SDK 2, your host page creates and manages a Worth iframe directly. With SDK 3, you give the SDK a DOM element and it mounts, renders, and tears down the onboarding runtime for you with no iframe and nopostMessage subscription required.
| SDK 2 | SDK 3 | |
|---|---|---|
| Rendering | Host-managed <iframe> | SDK-managed DOM mount |
| Setup | createOnboardingApp({ origin, inviteToken, mode }) | createWorthOnboarding({ inviteToken, ... }) |
| Mounting | container.appendChild(onboardingApp.iframe) | await onboarding.mount(target) |
| Events | subscribe() + postMessage event stream | Typed callbacks (onStepSubmit, onComplete, onError, …) |
| Navigation | next(), prev(), skip() | Not exposed; the SDK owns step navigation |
| Styling | setCustomCss() | Styles injected automatically on mount() |
| Cleanup | subscription.unsubscribe() + onboardingApp.cleanup() | onboarding.unmount() |
Side-by-Side Comparison
- Before: SDK 2
- After: SDK 3
When using SDK 2, the customer application owns the iframe lifecycle. It creates the
iframe, appends it to the page, listens for
postMessage events, and may drive
navigation by calling helper methods such as next(), prev(), and skip().Additional SDK 3 Configuration
For non-production or non-default API environments, passapiBaseUrl:
mount(). Hosts
with a strict style-src Content Security Policy should pass the page’s
request-level nonce explicitly with styleNonce:
What changes do you need to make?
The core migration is from iframe orchestration to embedded runtime mounting. SDK 2 iframe-specific code should be replaced with SDK 3 lifecycle callbacks. Remove SDK 2 iframe ownership:- Remove
origin,mode, andloadingTimeoutconfiguration - Remove
appendChild(onboardingApp.iframe)and direct iframe styling - Remove raw
postMessageevent subscription logic - Remove calls to
next(),prev(),skip(),setMode(),setCustomCss(), andrefreshSize() - Remove iframe-specific teardown, except for replacing it with
onboarding.unmount()
- Add a stable mount target, such as
<div id="worth-onboarding"></div> - Remove any old SDK stylesheet import or stylesheet
<link>tag. SDK 3 styles are injected automatically duringmount() - Create an SDK instance with
createWorthOnboarding({ inviteToken, ... }) - Use
onCompletefor completion behavior - Use
onErrorfor SDK/runtime errors - Use
onStepSubmitwhen the host application needs a step-submission analytics, audit, or synchronization hook - Call
unmount()when the containing route or component unloads
Callback Mapping
SDK 2 exposed a broad event stream throughsubscribe(). SDK 3 exposes
structured callbacks on the createWorthOnboarding options object.
- Use
onCompleteinstead of handling theONBOARDING_COMPLETEDmessage - Use
onErrorinstead of handling theERRORmessage - Use
onAuthenticatedandonAuthUnsupportedfor authentication-specific outcomes when the host application needs to observe those states - Use
onStepSubmitfor submitted step payloads. The callback receives:
STAGE_NAVIGATION only to observe internal step changes, remove
that listener during migration; onStepSubmit is only fired for submitted step
payloads and is not a general navigation-event replacement.
Migration Checklist
Use this checklist to track your migration from start to finish.Remove old stylesheets
Remove any old Worth SDK stylesheet import or CDN stylesheet tag. SDK 3 injects its styles automatically during
mount()Move event handling to callbacks
Move completion and error behavior from
subscribe() handlers to onComplete and onErrorAdd onStepSubmit if needed
Add
onStepSubmit if your application needs a step-submission hook for analytics, auditing, synchronization, etc.Handle strict CSP, if applicable
If your host page enforces a strict
style-src Content Security Policy, pass its request nonce as styleNonce and test in a page with CSP enabledRemove iframe navigation controls
Remove external iframe navigation controls (
next(), prev(), skip()) unless SDK 3 explicitly adds a replacement APIReplace cleanup logic
Replace iframe cleanup (
subscription.unsubscribe(), onboardingApp.cleanup()) with onboarding.unmount()