Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

@cantoo/cantoo-api

Package Overview
Dependencies
Maintainers
5
Versions
18
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@cantoo/cantoo-api

A client api for integration with Cantoo Scribe

latest
npmnpm
Version
1.0.18
Version published
Weekly downloads
6
-53.85%
Maintainers
5
Weekly downloads
 
Created
Source

cantoo-api

Creating a new connection

To create a new connection with the cantoo api you must call the static method CantooApi.connect(). This method will create an iframe on the provided DOM node and return a new CantooApi instance. Don't forget to call destroy before getting rid of the CantooApi instance.

CantooApi.connect() receives an Object as param. The object should have the following properties:

keytyperequireddescription
domElement HTMLElementrequiredThe DOM element which the iframe will be attached to. It should use display:flex;
accessTokenstringrequiredThe token of the user that wants to interact with the api (as received from the GAR)
fileIdstringoptionalThe file id that is going to be edited (as received in the "ready" and "completed" events)
titlestringoptionalThe title of the file that will be created. Should not be set if fileId is set
env'prod' | 'preprod' | 'develop'requiredThe environment that the client will connect to
readOnlybooleanrequiredShould the user be able to edit the file, or is it only a viewer?
const api = await CantooAPI.connect({domElement, env: 'develop', accessToken: '1', fileId: '10', readOnly: true})

The CantooApi instance

Once the connection is done you can interact with the cantoo api through the following methods:

nametypedescription
loadDocument(id: string, readOnly?: boolean | undefined) => Promise<void>Loads a new document on the Iframe
addEventListener(eventName: 'ready', callback: (event: { id: string, userId: string, fileId: string }) => void) => voidAdds a new listener to the 'ready' event
addEventListener(eventName: 'completed', callback: (event: { id: string, title: string, userId: string }) => void) => voidAdds a new listener to the 'completed' event
addEventListener(eventName: 'destroyed', callback: () => void) => voidAdds a new listener to the 'destroyed' event
addEventListener(eventName: 'logout', callback: (event: { id: string, userId: string }) => void) => voidAdds a new listener to the 'logout' event
removeEventListener(eventName: 'ready|completed|destroyed|logout', callback) => voidRemoves a listener that is attached to some event. The callback is the function instance that was previously added to the listener
destroy() => voidCloses the connection with the api. This function also removes all listeners and call the listerners that were attached to the 'destroyed' event

The connection state

The CantooApi holds the connection state on the readOnly attribute state.

There are 4 possible states:

namedescription
launchingThe iframe was attached to the DOM and is loading its content
readyThe document id is ready for edition
completedThe document id has been created and can be retrieved or shared
destroyedThe iframe was destroyed and detached

FAQs

Package last updated on 30 Jun 2025

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

9 Malicious NuGet Packages Deliver Time-Delayed Destructive Payloads

Research

/

Security News

9 Malicious NuGet Packages Deliver Time-Delayed Destructive Payloads

Socket researchers discovered nine malicious NuGet packages that use time-delayed payloads to crash applications and corrupt industrial control systems.

By Kush Pandya  -  Nov 06, 2025