Goal
Render the MexCep changelog inside any third-party site (status page, internal wiki, partner portal) without writing JavaScript. The endpoint returns a self-contained HTML document with inline CSS; embed it via a single <iframe> and it works everywhere.
Prerequisites
None for the request itself. The widget supports anonymous traffic and serves public-audience entries.
Steps
1. Drop the iframe into your page
<iframe
src="https://api.example.com/v1/public/changelog/embed?lang=en"
width="100%"
height="600"
frameborder="0"
title="MexCep Changelog">
</iframe>The widget renders a scrollable list of recent entries with title, date, summary, and a category badge. A "View all" footer link points to the full changelog page.
2. Customize via query params
All parameters are optional.
| Param | Default | Description |
|---|---|---|
lang | en | Display language. Accepted: en, es. |
limit | 10 | Number of entries to show (1–30; values outside the range are clamped). |
audience | public | Audience filter. Accepted: public, admin (admin requires cookie + docs:read). |
<!-- Spanish, last 5 entries -->
<iframe src="https://api.example.com/v1/public/changelog/embed?lang=es&limit=5"
width="100%" height="400" frameborder="0"></iframe>
<!-- Public audience, last 20 entries -->
<iframe src="https://api.example.com/v1/public/changelog/embed?audience=public&limit=20"
width="100%" height="800" frameborder="0"></iframe>3. Styling
The widget ships with minimal inline CSS. Single-column responsive layout. Typography inherits from the widget's own stylesheet, not from the parent page — this is expected iframe isolation behavior.
The stylesheet reacts to the visitor's OS preference via prefers-color-scheme:
- Light mode: white background, dark text.
- Dark mode: near-black background, light text.
No class names, CSS variables, or theme tokens are exposed for external override. If you need full visual control, call GET /v1/public/changelog directly and render your own HTML.
4. iframe + CORS headers
The endpoint serves on every response:
Content-Security-Policy: frame-ancestors *
X-Frame-Options: ALLOWALLThe widget can be embedded from any domain, including localhost, file://, and third-party sites. There is no allowlist to configure.
5. Caching
Responses are cached for 5 minutes (Cache-Control: public, max-age=300, must-revalidate). After a new release publishes, the iframe refreshes on the next reload within 5 minutes.
Errors
| Status | Code | Cause |
|---|---|---|
| 400 | invalid_lang / invalid_audience | Param value outside the enum. |
| 401 | unauthorized | Requested audience=admin without cookie auth. |
| 403 | forbidden | Cookie present but missing docs:read. |
| 429 | rate_limited | Excessive widget requests from the same IP. |
Notes
- The widget is a full HTML document, not a fragment — embed it via
<iframe>, notdangerouslySetInnerHTML. - See Subscribe to the Atom feed or Subscribe to the JSON feed if you want push-style integration with an RSS reader instead of an iframe.
- ADR-0090 (URL Convention) explains the
/v1/public/*namespace move.
New in v1.49.6 — see ADR-0090.