Configuration
Script tag data attributes, initialize options, and environment variables for the web SDK.
Script tag attributes
| Attribute | Default | Description |
|---|---|---|
data-sdk-key | — | Project SDK key (required) |
data-project-id | — | Project ID (required) |
data-base-url | prod API | Override client API base URL |
data-anonymous | true | Set false to disable anonymous visitor id |
data-fingerprint | false | Set true to enable FingerprintJS CDN load (internal UUID by default) |
data-auto-page-view | true | Set false to disable automatic page.viewed events |
data-log-level | info | debug, info, warn, error, silent |
data-push | false | Set true to enable web push (opt-in; requires VAPID provider configured) |
data-push-auto-subscribe | false | Auto-subscribe when notification permission is already granted |
data-service-worker-path | /motisig-sw.js | Path to your same-origin service worker stub |
data-service-worker-scope | / | Service worker scope |
data-vapid-public-key | from API | Optional VAPID public key override (normally fetched from /web-config) |
Keys come from MotiSig dashboard → Settings → API Keys (kind SDK). Use the project SDK key, not org admin credentials.
Allowed web domains
Browser requests from the web SDK are allowed only from origins you configure for the project. This does not apply to native iOS, Android, or Expo SDKs.
- Open Settings → API Keys in the MotiSig app.
- Select the SDK tab.
- Under Allowed web domains, add each origin where the web SDK runs, then click Save domains.
Origin format
- Use the full origin: scheme + host + optional port — for example
https://app.example.comorhttps://app.example.com:8443. - Do not include a path, query string, or fragment.
- Production sites must use HTTPS.
- For local development, add explicit entries such as
http://localhost:3000orhttp://127.0.0.1:3000.
You can add up to 20 origins per project. Until at least one domain is saved, browser Client API calls return 403 (fail-closed). The dashboard shows a warning when the list is empty.
If your project has a website URL in settings, you can use Add from project website on the same screen to pre-fill the origin.
Same-origin service worker hosting (/motisig-sw.js on your site) is separate from this allowlist — both are required for web push.
initialize options
await motisig.initialize({
sdkKey: 'your-sdk-key',
projectId: 'your-project-id',
baseURL: 'https://api.motisig.ai/client', // optional
logLevel: 'info', // optional
anonymous: {
enabled: true,
optOut: true, // default; false = enable FingerprintJS CDN
geolocation: false,
},
anonymousUserExtras: {
tags: ['web'],
},
// Web push (opt-in) — see Push notifications for setup
push: {
enabled: true,
autoSubscribe: false,
serviceWorkerPath: '/motisig-sw.js',
serviceWorkerScope: '/',
},
});Returns Promise<boolean> — false if sdkKey or projectId is empty.
Default base URL
Production: https://api.motisig.ai/client
For dev/staging, set data-base-url or baseURL to your dev client API host.
Environment variables (typical Next.js app)
NEXT_PUBLIC_MOTISIG_SDK_KEY=
NEXT_PUBLIC_MOTISIG_PROJECT_ID=
NEXT_PUBLIC_MOTISIG_BASE_URL=https://api-dev.motisig.ai/client
NEXT_PUBLIC_MOTISIG_SDK_SCRIPT_URL=https://motisig.ai/cdn/web/v1/motisig.js
# Web push — set to your project's VAPID public key to enable push on the script tag automatically
NEXT_PUBLIC_MOTISIG_VAPID_PUBLIC_KEY=Omit SDK_KEY and PROJECT_ID to disable the SDK entirely. See Push notifications for VAPID setup.