---
title: "Browser widget"
description: "Quote and create deliveries from trusted browser origins."
---

# Browser widget

The Widget API is for browser-side checkout flows. It uses publishable keys and origin validation.

## Endpoints

| Endpoint | Purpose |
| --- | --- |
| `GET /v1/widget/couriers` | List courier companies. |
| `POST /v1/widget/quotes` | Request quotes. |
| `POST /v1/widget/deliveries` | Create a delivery. |
| `GET /v1/widget/deliveries/{id}` | Read widget-safe delivery details. |

## Authentication

```http
Authorization: Bearer pk_live_...
```

Configure allowed origins in the dashboard. Requests from untrusted origins return `403`.

## Quote example

```js
const response = await fetch("https://entrega.ao/v1/widget/quotes", {
  method: "POST",
  headers: {
    "Authorization": `Bearer ${publishableKey}`,
    "Content-Type": "application/json"
  },
  body: JSON.stringify({
    origin: {address_line: "Rua 21 de Janeiro", city: "Luanda", province: "Luanda"},
    destination: {address_line: "Rua Marien Nguabi", city: "Luanda", province: "Luanda"},
    parcel: {weight_grams: 1200}
  })
})

const {data: quotes} = await response.json()
```

## When to use the Core API instead

Use the Core API from your backend when you need to:

- Hide business metadata.
- Create deliveries after server-side payment confirmation.
- Store your own order mapping before delivery creation.
- Avoid exposing any delivery creation path in the browser.