Using /start with the widget integration method

When you use the widget method to integrate DaVinci flow policies into your application, the /start request uses the endpoint from the auth.pingone.com resource server: The POST {{authPath}}/{{envID}}/policy/{{davinciFlowPolicyID}}/start.

For widget integration use cases, the code for the widget is embedded in the application’s web page. In that scenario, the /start request should not use the application’s API Key for security reasons. The application’s API Key should be treated like a confidential secret; it cannot be exposed in a public web page. Instead, the POST {{authPath}}/{{envID}}/policy/{{davinciFlowPolicyID}}/start request uses a DaVinci SDK Token to authenticate the request and initiate the flow specified by the flow policy.

For more information about the widget application integration method, refer to Launching a flow with the widget in the PingOne admin documentation.