PME — Private Model Embed
PME (Private Model Embed) keeps a tour from being publicly available. When a tour is in PME mode, it can't be opened just by knowing its link — a viewer must present a valid, time‑limited access token scoped to that specific tour. Use it to share or embed a private tour with controlled, expiring access.
How PME works
- A tour is marked PME (private). It is no longer publicly accessible — loading it without a token is rejected.
- To grant access, you generate a PME token for the tour's
slugwith a chosen lifetime (expiresIn, in seconds). - The token is a JWT scoped to that tour's slug and valid only until it expires.
- When the tour is loaded, the token is supplied (as
pmeToken). Treedis validates it and loads the tour only if the token is present, valid, not expired, and its slug matches the tour. - Optionally, a PME tour can also be restricted to specific domains, so the embed only works on sites you approve.
PME tour (private)
└─ generate token (slug + expiresIn) ──► JWT scoped to the tour, expires in N seconds
└─ viewer loads tour with pmeToken ──► valid + unexpired + slug matches?
├─ yes → tour loads
└─ no → access denied
Because minting tokens requires your API credentials, you stay in control of who can open the tour and for how long — hand out only short‑lived tokens, and let them expire.
The PME flag on a tour is managed in the Treedis dashboard (Private Model Embed settings, including allowed domains). This guide covers the API for issuing access tokens to those tours.
Generate a token
POST /v1/api/tours/pmeToken/generate — authenticated with your OAuth2 Bearer token or API key.
| Field | Type | Notes |
|---|---|---|
slug |
string | Required. The tour's slug. |
expiresIn |
integer | Required. Token lifetime in seconds (e.g. 3600 = 1 hour). |
curl -X POST "https://api.treedis.com/v1/api/tours/pmeToken/generate" \
-H "Authorization: Bearer your-access-token" \
-H "Content-Type: application/json" \
-d '{
"slug": "ea753958",
"expiresIn": 3600
}'
The token is returned in data:
{
"status": 200,
"message": "Success",
"timestamp": 1716146262053,
"data": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzbHVnIjoiZWE3NTM5NTgiLCJleHAiOjE3MjMxMDM1NDR9.NI4zOsAuI-tGrZuQlCsFUHCpi-JGfui-EcvTp5IZMPY"
}
The JWT payload contains the tour slug and an exp (expiry) claim.
Use the token
Supply the token when the tour is loaded — the Treedis viewer / embed sends it as pmeToken. Treedis then checks the token before serving the tour:
- No token on a PME tour →
404(tour treated as not found) - Invalid token → rejected
- Expired (
exppassed) → rejected - Slug mismatch (token issued for a different tour) → rejected
- Valid → the tour loads normally
A typical flow: your backend calls pmeToken/generate to mint a fresh token for an authorized viewer, then loads/embeds the tour with that token. Generate a new token whenever the previous one is near expiry.
A PME token is scoped to one tour (slug) and expires — a token for one tour won't open another, and it stops working after expiresIn seconds. Treat tokens as short‑lived secrets and mint them per session rather than embedding a long‑lived token in a public page.
Validation errors
| Condition | Result |
|---|---|
| PME tour loaded without a token | 404 — No token provided |
| Token can't be decoded | Token invalid |
Token past its exp |
Token expired |
Token slug ≠ tour slug |
Token not matching tour |
| Domain not in the tour's allowed list (if configured) | 403 — Access denied: Domain not allowed |

