Configuration

Navigate to your board's settings in Round Two and go to the Embed tab to configure how the embed works in your application.

Enable Embedding

Toggle the "Enable embedding" switch to activate embedding for this board. When enabled, the embed script will be available and the board can be embedded in external applications.

Note: Floating buttons only appear for authenticated users. If a user isn't authenticated (no valid JWT token), the floating button won't be displayed. Custom triggers will still work but will prompt for authentication when clicked.

Trigger Type

Choose how users will open the feedback form:

Floating Button (default):

• Round Two provides a branded floating button that appears on your page
• Users click the button to open the feedback form
• You can configure the button position (bottom-right or bottom-left)

Custom Trigger:

• Your application controls when the feedback form opens
• You specify a data attribute (e.g., data-roundtwo-trigger)
• Any element with this attribute will open the form when clicked
• Useful for integrating with your own buttons, menus, or UI components

Configuration Details:

• For floating button: Select the position (bottom-right or bottom-left)
• For custom trigger: Set the data attribute name (default: data-roundtwo-trigger)

Presentation Mode

Choose how the feedback form appears when opened:

Center Modal:

• Opens as a centered modal dialog
• On mobile, adapts to a bottom sheet
• Good for focused feedback collection

Full Height Sidebar:

• Opens as a sidebar on the same side as the trigger button
• Takes full height of the viewport
• Good for extended feedback sessions

Authentication & Security

Public Key Configuration

Round Two uses RSA public key (RS256) signing for token verification. This is the only supported method and provides the highest security.

Configuration Steps:

1. Generate RSA Key Pair:

   • Follow our detailed guide: Creating and Using RSA Keys
   • Or use these quick commands:
     Copy

     # Generate private key (keep this secure!)
     openssl genrsa -out private_key.pem 2048
     
     # Generate public key
     openssl rsa -in private_key.pem -pubout -out public_key.pem
     

2. Add Public Key to Round Two:

   • Copy the entire contents of public_key.pem
   • Include the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- lines
   • Paste it into the "Public Key (PEM format)" field in Round Two embed settings

3. Keep Private Key Secure:

   • Never commit private_key.pem to version control
   • Store private key securely (environment variables, secret management service)
   • Use different keys for production and staging
   • Rotate keys periodically

Need help? See our comprehensive guide: RSA Keys for step-by-step instructions, troubleshooting, and security best practices.

Allowed Origins

Specify which domains are allowed to embed this board. This is a security measure to prevent unauthorized embedding.

Format:

• Exact URLs: https://example.com
• Wildcards: *.example.com (matches all subdomains)
• Multiple origins: Add each domain separately

Examples:

• https://app.example.com - Only this exact domain
• *.example.com - All subdomains of example.com
• https://staging.example.com - Specific staging environment

Best Practices:

• Include both production and staging domains if needed
• Use wildcards carefully - they match all subdomains
• Remove origins you no longer use
• Test that your domain is correctly added

Copy the Embed Script

Once configured, copy the generated embed script from the settings page. This script includes:

• Your board ID
• Token endpoint path
• Trigger configuration
• Presentation mode settings

The script is ready to paste into your application's HTML (typically in the <head> section).

Next Steps

• Add Script - Integrate the script into your application
• Token Endpoint - Create your authentication endpoint