Installation
Install the Encatch Web SDK before launching in-app feedback and surveys on your website
Before you can collect in-app feedback with Encatch, install the Encatch Web SDK (@encatch/web-sdk) on your site once. After that, create and configure feedback forms, targeting rules, and automatic triggers in the Encatch dashboard without redeploying your app.
How the SDK loads
Both installation methods ship a loader stub (dist/encatch.iife.js from CDN or dist/encatch.es.js from npm). When you call _encatch.init('your-publishable-sdk-key'), Encatch injects the full implementation from https://form.encatch.com/s/sdk/v1/encatch.js as a module script. API requests go to https://api.encatch.com by default. Commands sent before that remote script finishes loading are queued in _q and replayed when the implementation loads.
What you need from the Encatch dashboard
Before you install
- Publishable SDK key — Settings → Security → Publishable SDK Keys → Create Publishable SDK Key. Copy Your Publishable SDK Key when shown — Encatch displays the full key only once at creation.
- Allowed Domains / Packages — On that key, add your site origin (for example
https://app.example.com). Up to 10 entries per key (each up to 100 characters). Avoid*in production. - Form slug or UUID — Open your feedback form → Triggers → Manual Trigger. Use the Form Slug or Feedback Configuration UUID in
showForm(). - Targeting (optional) — Configure in-app targeting and triggers for automatic launches.
Locate your publishable SDK key
In the Encatch dashboard (route: Settings → Security → Publishable SDK Keys):
- Open your Encatch project.
- Click Create Publishable SDK Key (or select an existing key under the Active keys tab).
- Fill in Basic Information — Key Name and Application Name / Identifier (each max 25 characters).
- Expand Access Configuration — set Expiry Period and Allowed Domains / Packages (required).
- Optionally expand Security Configuration — Secret Key (server-side only, for HMAC
identifyUsersignatures) and Session time (minutes).
Copy Your Publishable SDK Key on the confirmation step, then click Close. See Publishable SDK Keys.
Pass the key to _encatch.init('your-publishable-sdk-key'). Only the first init() call runs — Encatch logs [Encatch] SDK already initialized. Ignoring init call. on duplicate calls.
Installation options
Encatch supports two ways to load @encatch/web-sdk:
CDN / Script Tag
Load dist/encatch.iife.js from jsDelivr. One script tag, global window._encatch — no npm or bundler. Best for static sites, marketing pages, and documentation sites.
NPM Package
npm, yarn, or pnpm install @encatch/web-sdk. import { _encatch } from '@encatch/web-sdk' with TypeScript types. Requires Node.js >= 18. Best for React, Vue, Next.js, and Astro.
Both methods expose the same _encatch API — modal form iframes, user identification, trackScreen / trackEvent, session management, and source tracking.
Complete setup in one of the method guides below, then use the sections on this page for identify, launch, and troubleshooting.
Minimal init (either method)
_encatch.init('your-publishable-sdk-key');
_encatch.startSession();
_encatch.showForm('your-form-slug-or-uuid');Form Slug (from Triggers → Manual Trigger) must be 15–100 characters, start with a lowercase letter, and use only a–z, 0–9, -, and _. Alternatively pass the Feedback Configuration UUID from the same screen.
After a successful identifyUser(), Encatch calls startSession() internally — you do not need startSession() before identify.
Identify users
Encatch uses identified users for in-app targeting, manual segments, user traits, and response attribution.
Call identifyUser after init():
_encatch.identifyUser('user@example.com', {
$set: { name: 'Alice', plan: 'team' },
});userName must match Encatch server validation: 1–50 characters, only letters, digits, and ., _, @, -. The Encatch admin app uses the signed-in user's internal ID as userName and $set: { email, name } for traits.
On success, Encatch stores the user pair in localStorage and starts a session automatically. Method-specific examples:
For $set, $setOnce, $increment, secure HMAC signatures (optional Secret Key on the publishable SDK key), and full rules, see Identify users.
Launch feedback forms
Manual launch — showForm() with the slug or UUID from Triggers → Manual Trigger:
_encatch.showForm('your-form-slug-or-uuid');
_encatch.showForm('your-form-slug-or-uuid', {
reset: 'always',
context: { plan: 'team', feature: 'checkout' },
});Automatic launch — enable an Automatic Trigger in the dashboard. The SDK evaluates launch rules (page visit, tracked event, delay, and more) without a manual showForm() call.
Subscribe to lifecycle events with _encatch.on() — for example form:show, form:submit, form:complete, form:ctaTriggered. See Client Reference for all event types.
Track pages and events
_encatch.trackScreen('Dashboard');
_encatch.trackEvent('checkout_completed');Both calls are no-ops until a device id exists — establish one with startSession() or a successful identifyUser() first. With an active session, SPA navigations (pushState, replaceState, popstate) also trigger trackScreen with the full page URL.
Merge UTM and campaign params with addSourceTracking() before showForm() — see source tracking.
Troubleshoot installation
If Encatch forms do not appear or API calls fail:
- Publishable key — Value in
init()must match an Active key (Settings → Security → Publishable SDK Keys → Active keys tab). Check the key is not Expired, Deleted, or Inactive (shown in Info and Actions on the key row). - Allowed Domains / Packages — Page origin must match an entry on that key (for example
https://your-app.com). Avoid*in production. - Form published — Publish the feedback form in the dashboard before testing. Slug must pass validation (15–100 chars, rules above) or use the configuration UUID.
- Client-side only — Call
init()in the browser afterwindowis available (not during SSR). See NPM Package — Next.js. - Init timing — Call
init()early. Encatch queues calls untilform.encatch.com/s/sdk/v1/encatch.jsloads. - Content Security Policy — Allow
form.encatch.comandapi.encatch.com; addcdn.jsdelivr.netonly for CDN / Script Tag. See Content Security Policy. - Session stopped — After
stopSession(), callstartSession()oridentifyUser()again.stopSession()persists across reloads until you restart tracking. - Silent tracking —
trackEvent/trackScreendo nothing (no error) if no device id exists yet — callstartSession()oridentifyUser()first.
Step-by-step setup: CDN / Script Tag · NPM Package
Rate limits
When using the Encatch Web SDK to track user data and collect feedback responses, these limits apply to production projects:
| Limit scope | Requests per minute |
|---|---|
| Per project | 40,000 |
| Per contact / user ID | 100 |
| Per IP address | 300 |
Sandbox projects use 50 / 10 / 50 per minute (project / contact / IP). Encatch returns 429 Too Many Requests when exceeded, with X-RateLimit-Limit, X-RateLimit-Remaining, and X-RateLimit-Reset on API responses. See SDK Rate Limits.
Next steps
- Client Reference — full
_encatchAPI (addToResponse, themes, session control, custom form UX) - CDN / Script Tag · NPM Package — detailed install and init
- Build a feedback form
- Automatic Trigger — launch forms from dashboard rules without code changes
Was this page helpful?