PME — Private Model Embed

PME (Private Model Embed) keeps a tour from being publicly available. When a tour is in PME mode, it can't be opened just by knowing its link — a viewer must present a valid, time‑limited access token scoped to that specific tour. Use it to share or embed a private tour with controlled, expiring access.

How PME works

  1. A tour is marked PME (private). It is no longer publicly accessible — loading it without a token is rejected.
  2. To grant access, you generate a PME token for the tour's slug with a chosen lifetime (expiresIn, in seconds).
  3. The token is a JWT scoped to that tour's slug and valid only until it expires.
  4. When the tour is loaded, the token is supplied (as pmeToken). Treedis validates it and loads the tour only if the token is present, valid, not expired, and its slug matches the tour.
  5. Optionally, a PME tour can also be restricted to specific domains, so the embed only works on sites you approve.
PME tour (private)
   └─ generate token (slug + expiresIn)  ──►  JWT scoped to the tour, expires in N seconds
        └─ viewer loads tour with pmeToken  ──►  valid + unexpired + slug matches?
              ├─ yes → tour loads
              └─ no  → access denied

Because minting tokens requires your API credentials, you stay in control of who can open the tour and for how long — hand out only short‑lived tokens, and let them expire.

The PME flag on a tour is managed in the Treedis dashboard (Private Model Embed settings, including allowed domains). This guide covers the API for issuing access tokens to those tours.

Generate a token

POST /v1/api/tours/pmeToken/generate — authenticated with your OAuth2 Bearer token or API key.

Field Type Notes
slug string Required. The tour's slug.
expiresIn integer Required. Token lifetime in seconds (e.g. 3600 = 1 hour).
curl -X POST "https://api.treedis.com/v1/api/tours/pmeToken/generate" \
  -H "Authorization: Bearer your-access-token" \
  -H "Content-Type: application/json" \
  -d '{
    "slug": "ea753958",
    "expiresIn": 3600
  }'

The token is returned in data:

{
  "status": 200,
  "message": "Success",
  "timestamp": 1716146262053,
  "data": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzbHVnIjoiZWE3NTM5NTgiLCJleHAiOjE3MjMxMDM1NDR9.NI4zOsAuI-tGrZuQlCsFUHCpi-JGfui-EcvTp5IZMPY"
}

The JWT payload contains the tour slug and an exp (expiry) claim.

Use the token

Supply the token when the tour is loaded — the Treedis viewer / embed sends it as pmeToken. Treedis then checks the token before serving the tour:

  • No token on a PME tour → 404 (tour treated as not found)
  • Invalid token → rejected
  • Expired (exp passed) → rejected
  • Slug mismatch (token issued for a different tour) → rejected
  • Valid → the tour loads normally

A typical flow: your backend calls pmeToken/generate to mint a fresh token for an authorized viewer, then loads/embeds the tour with that token. Generate a new token whenever the previous one is near expiry.

A PME token is scoped to one tour (slug) and expires — a token for one tour won't open another, and it stops working after expiresIn seconds. Treat tokens as short‑lived secrets and mint them per session rather than embedding a long‑lived token in a public page.

Validation errors

Condition Result
PME tour loaded without a token 404No token provided
Token can't be decoded Token invalid
Token past its exp Token expired
Token slug ≠ tour slug Token not matching tour
Domain not in the tour's allowed list (if configured) 403Access denied: Domain not allowed
Authentication How to obtain the OAuth2 token used to call pmeToken/generate.