Integrations
Integrations connect your organization to the outside services it relies on: the account that receives your sales, the account that hosts your videos, and the sites where you embed a course. This page describes how each one works under the hood, who can change it, and how credentials are kept safe.
For programmatic access — API keys and webhooks — see API keys and webhooks.
Where integrations live
Integrations are organization-scoped settings. They appear in the settings shell under the Integrations section, which is only visible to those with an organization owner or admin role.
| Integration | Route | Who can manage it |
|---|---|---|
| Payments | /dashboard/settings/integrations/payments | Owner / admin |
| Video | /dashboard/settings/integrations/video | Owner / admin |
The course embed is configured per piece of content, from the content's own editing screen, rather than from a central settings page.
Payments integration
This integration connects the organization to its own payout account (today via Stripe Connect). Sales settle to the organization, and the platform may retain an application fee.
- Public status — any member can read whether there's a connection, the provider, and the
accountId(acct_…). This id is not a secret: charges use the platform key plus this id, with no per-organization secret to leak. - Restricted management — connecting, saving the account, and disconnecting require an owner or admin role. Disconnecting removes the connection in Cursiva but does not delete the Stripe account itself.
- Onboarding — creating the Stripe account and the onboarding link live in the payments layer; this area orchestrates the connection.
Once the account is connected, checkout, coupons, refunds, and payout timing all flow through the commercial side of your offerings. See Payments and payouts.
Video integration
This integration connects the organization to its own Cloudflare Stream account, to host videos uploaded by the producer themselves.
- Validated and encrypted credentials — when connecting, the account id and token are validated against Cloudflare before being saved; a typo fails on the spot, not silently at upload time. The token is stored encrypted and is only decrypted on the server.
- Direct upload — any member can generate a single-use upload URL; the browser sends the file directly to the organization's Cloudflare account. The bytes don't pass through Cursiva's servers, and the cost account is the organization's. The resulting
uidis what the video block stores. - Restricted management — connecting and disconnecting require an owner or admin role. Disconnecting doesn't interrupt already-published videos, which keep playing via their
uid. - Status without secrets — reading the status never exposes the token.
Beyond self-hosting, the editor's video block also accepts YouTube, Vimeo, and Loom embeds — no video integration required. See Blocks.
Course embed
Cursiva exposes a public embed client (embed.js) to publish a course on external sites, in the style of Cal.com. It's a lightweight, dependency-free loader with three modes:
| Mode | Behavior |
|---|---|
inline | Renders the course in an iframe inside a page element |
popup | Opens the course in a modal on demand |
floatingButton | A fixed button that opens the modal |
The embed URL accepts a theme parameter (for example auto), read by the /embed page, so the embedded course can follow the host site's light or dark mode. Configure and copy the embed snippet from the content's own editing screen.
Integration best practices
- Record who set up each connection, which environment it uses, and how to revoke the credential.
- Treat every token and every secret as sensitive: shown once, stored as a hash or cipher, never in the frontend or screenshots.
- Test in the appropriate environment whenever you switch payment provider, video host, or embed target.