Integration

Elsa Studio is a flexible, framework-agnostic web application that can be integrated into various host frameworks. This guide covers integration patterns for React, Angular, Blazor, and ASP.NET Core MVC/Razor Pages, along with common configuration considerations.

Overview

Elsa Studio provides a visual workflow designer that connects to Elsa Server (the backend API). Depending on your application architecture and technology stack, you can integrate Studio in several ways:

• Separate Application: Studio runs as a standalone app (recommended for most scenarios)

• Embedded in Host: Studio is embedded within your application's UI

• Iframe Integration: Studio is loaded in an iframe with cross-origin communication

• Same Process: Studio and Server run in the same ASP.NET Core process

Common Integration Approaches

Before diving into framework-specific details, let's understand the common patterns:

1. Separate App with Reverse Proxy

Studio and your application run as separate services, with a reverse proxy routing requests:

┌──────────────────────────────────────────┐
│          Reverse Proxy (nginx)           │
│                                          │
│  /studio/* ──> Elsa Studio (Port 5001)  │
│  /api/*    ──> Elsa Server (Port 5000)  │
│  /*        ──> Your App (Port 3000)     │
└──────────────────────────────────────────┘

Advantages:

• Clean separation of concerns

• Independent deployment and scaling

• No framework coupling

• Easy to update Studio independently

Disadvantages:

• Requires reverse proxy configuration

• CORS considerations for API calls

• Shared authentication must be configured

2. Iframe Embedding

Studio is loaded in an iframe within your application:

Advantages:

• Simple integration

• Studio updates don't affect your app

• Clear security boundary

Disadvantages:

• Iframe restrictions (sizing, navigation)

• PostMessage required for communication

• CORS and authentication complexity

3. Direct Embedding (Blazor/MVC)

Studio is embedded directly into an ASP.NET Core application:

Advantages:

• Single deployment unit

• Shared authentication/authorization

• No CORS issues

• Simplified configuration

Disadvantages:

• Tighter coupling

• Shared resources (memory, CPU)

• Updates require full app deployment

Configuration Common to All Patterns

Regardless of integration approach, you'll need to configure:

Base API URL

Studio needs to know where Elsa Server's API is located:

Or via environment variable:

Authentication

Studio must authenticate with Elsa Server. Common approaches:

API Key (Simplest)

Bearer Token (OAuth2/OIDC)

Studio will include the token in API requests:

Cookie-Based (Same Domain)

When Studio and Server share a domain, cookies can be used:

CORS Configuration

If Studio and Server are on different origins, configure CORS on the server:

React Integration

React applications typically integrate Studio as a separate service or via iframe.

Pattern 1: Separate Service

Studio Setup (Standalone Blazor):

React App:

Navigation Integration:

Pattern 2: Reverse Proxy

Vite Config (Development):

Nginx (Production):

Angular Integration

Angular follows similar patterns to React.

Pattern 1: Iframe Integration

Component:

Routing:

Pattern 2: Proxy Configuration

angular.json (Development):

proxy.conf.json:

Blazor Integration

Blazor offers the tightest integration since both Studio and your app use Blazor.

Pattern 1: Same Process (Recommended)

Studio runs in the same ASP.NET Core application:

Program.cs:

Navigation Integration:

Pattern 2: Embedded Component

Embed Studio as a component in your Blazor page:

For detailed Blazor integration, see the Blazor Dashboard Integration guide.

MVC / Razor Pages Integration

ASP.NET Core MVC and Razor Pages can host Studio in the same process.

Pattern 1: Separate Routes

Program.cs:

View Integration:

Pattern 2: Iframe in View

Authentication Integration

Shared Cookie Authentication

When Studio and your app share a domain:

JWT Token Authentication

When Studio is separate from the server:

Server Configuration:

Studio Configuration:

Client-Side Token Passing:

⚠️ Security Warning: Do not store authentication tokens in localStorage or sessionStorage, as they are accessible to JavaScript and vulnerable to XSS attacks.

Recommended approaches:

• Use HttpOnly, Secure cookies for authentication/session tokens.

• For OAuth2/OIDC, use the Authorization Code flow with PKCE and keep tokens only in memory.

• If using cookies, ensure CSRF protections are in place.

For more information, see OWASP SPA Authentication Cheat Sheet.

Production Deployment Patterns

Docker Compose

Kubernetes

Troubleshooting

CORS Issues

Symptom: API requests from Studio fail with CORS errors.

Solution:

Authentication Not Working

Symptom: Studio shows "Unauthorized" when loading workflows.

Solution: Check that:

1. Studio is configured with correct API URL

2. Authentication scheme matches server configuration

3. Tokens/cookies are being sent with requests

4. Server authentication middleware is properly configured

Iframe Not Loading

Symptom: Studio doesn't load in iframe.

Solution: Check Content Security Policy:

Summary

Integrating Elsa Studio into your application depends on your framework and requirements:

• React/Angular: Use separate service with reverse proxy or iframe

• Blazor: Use same-process integration with MapElsaStudio()

• MVC/Razor Pages: Use same-process or iframe integration

• All Frameworks: Configure base API URL, authentication, and CORS appropriately

For more detailed framework-specific guidance:

• Blazor Dashboard Integration - Comprehensive Blazor guide

• Custom UI Components - Extending Studio UI

• Authentication & Authorization - Security configuration

Choose the pattern that best fits your architecture, deployment requirements, and team expertise.