window.pipeline namespace with all available methods. All methods return Promises.
The SDK waits internally for the bridge to be ready — you do not need to poll or delay before calling methods.
Namespaces
The current SDK (v2.1.0) exposes:window.pipeline.version reports the SDK version string at runtime.
Runtime environment
Marketplace tools run inside a sandboxed iframe. A few host constraints to design around:Native modals are blocked
alert(), confirm(), and prompt() are silently ignored — the iframe is sandboxed
without the allow-modals capability. Calls to these functions log a warning to the
DevTools console and return immediately without showing anything to the user.
Use in-page UI for all user feedback instead:
- For ephemeral confirmations and errors, render a toast (a small, non-interactive
div positioned
fixed; bottom: 1rem; right: 1rem;that auto-hides after 2-3 seconds). - For persistent warnings (e.g. “couldn’t reach Pipeline catalogue, submit unavailable”), render a banner at the top of the tool with an inline retry button.
- For destructive confirmations (e.g. “clear all rows?”), use a two-click pattern: the first click changes the button label to “Click again to confirm” for a few seconds, the second click commits.
Storage
The host does not expose a persistent-storage API to extensions. Use standardlocalStorage
for tool-side preferences (pricing, defaults, the operator’s last-used settings).
Storage is scoped to the iframe origin, which is per-tool.
Do not persist the in-progress quote in localStorage — Pipeline owns the quote.
Submit-or-discard is the expected lifecycle.
XSS hygiene
If you build HTML via template strings (element.innerHTML = \…“), escape every
interpolated user-supplied value. A 6-line helper is enough:
customers.list or products.list
(supplier names, descriptions). Numeric and boolean values are safe.