Customize
The iframe URL accepts a number of query parameters that control its behaviour and appearance. This page is the canonical reference: every parameter the iframe supports is listed below, and each one is explained in detail in the sections that follow.
Use the generator to preview and copy a configured iframe URL.
The generator uses a sample company identifier so the preview works. Replace it with your own identifier before deploying.
Quick reference​
company(required): short-lived company identifier (also called app key) issued from your S2S API token. See the Security page for how to generate it.companyCallbackUrl: overrides the default callback URL to which the diagnostic report is pushed. See the Callback URL override section.isForPatient(default0): when1, simplifies questionnaire wording for non-clinical users.enableResult(default1): toggles the display of diagnostic results to the user.showQuestionnairesHeader(default1): controls the visibility of the questionnaire title.enableDiagnosisSupport(default1): when0, skips the condition-identification step and only measures severity.forcedScoringSystems: comma-separated list of scoring system codes that must be calculated regardless of the diagnostic confidence level.enableAnamnesis(default0): when1, shows the anamnesis form.macroscopicMedia(defaultdisabled): whether a context (macroscopic) image is required. Allowed values:disabled,optional,required.enableExtendedInstructions(default0): when1, shows the full set of photo-taking best practices.enableAlternativeCameraModule(default0): enables the in-iframe camera module (workaround for frameworks that block file inputs).enableAlternativeCameraModuleAndroid(default0): same as the previous flag, scoped to Android.primary: hexadecimal color code for the primary UI color.secondary: hexadecimal color code for the secondary UI color.fontFamily: font family used inside the iframe. Supported:Roboto,Montserrat.locale(defaulten): application language. Supported:en,es.extraData: Base64-encoded JSON with additional data attached to the report (for example a patient identifier). Hidden from end users.enableExtraDataInPdf(default0): when1, prints theextraDatavalues in the generated PDF report.
The rest of this page describes each parameter in detail, grouped by purpose.
Patient mode​
When the primary users of the iframe are patients, set isForPatient=1. This rewrites the questionnaires in plainer language. For example, instead of the technical label Itchiness, the patient sees How would you describe how itchy you feel?.
Visibility of the results​
The default behaviour is to show the results to the user once their photo has been processed. Pass enableResult=0 to hide the results and display only a confirmation message.
Questionnaire title​
showQuestionnairesHeader controls the visibility of the title above the questionnaires (the "Medical questionnaire" heading). Default 1.
Diagnostic support​
The enableDiagnosisSupport parameter controls whether the AI-powered diagnostic-support feature runs.
When disabled (enableDiagnosisSupport=0), the iframe skips the condition-identification step entirely. This is useful when the patient's condition is already known and the goal is only to measure severity. For example, when a clinician has confirmed a diagnosis and wants to track PASI or SCORAD scores over time without triggering a new diagnostic analysis.
Forced scoring systems​
forcedScoringSystems is a comma-separated list of scoring-system codes that should be calculated regardless of the diagnostic-confidence level:
https://iframe.legit.health/?company=XXX&forcedScoringSystems=aladinLocal,ascoradLocal
Available scoring systems​
aladinLocal: Acne Lesion estimation grading index (IGA acne).agppgaLocal: Generalized Pustular Psoriasis Physician Global Assessment.aihs4Local: International Hidradenitis Suppurativa severity score.apasiLocal: Automatic Psoriasis Area and Severity Index.asaltLocal: Automatic Severity of ALopecia Tool.ascoradLocal: SCORAD for atopic dermatitis.auasLocal: Urticaria Activity Score.awosiLocal: Pressure ulcers assessment.pure4: Psoriatic arthritis UnclutteRed screening Evaluation.sevenPc(or7PC): 7-point checklist for pigmented lesions.uct: Urticaria Control Test.
If forcedScoringSystems is not specified, the iframe automatically calculates the scoring system whenever the condition detected by the diagnostic-support algorithm has a confidence level above 40% and an associated scoring system. This keeps the workflow streamlined: the most probable conditions are assessed for severity without requiring explicit configuration.
Anamnesis questionnaire​
The enableAnamnesis parameter shows or hides the anamnesis form. The default is 0, so pass enableAnamnesis=1 to display it.
There are two types of question the iframe can ask:
Generic questions​
When the anamnesis form is enabled, the user sees five clinically relevant questions that are not tied to a specific condition:
- What is the reason for the consultation? How did the problem start? Describe the origin.
- Do you have any allergies, especially to medications? If yes, list allergies.
- Are you taking any medication or treatment? If yes, explain what treatment you are taking.
- Do you have any major illness? Have you had anything operated on?
- Is there any history of major illness in your family?
Condition-specific questions​
If the AI identifies a condition with sufficient confidence, the iframe automatically appends the questionnaire associated with that condition. For example, if the lesion is psoriasis with high probability, the patient is asked the PASI questions the AI cannot derive from the image.
The condition-specific questions are the ones that make up each scoring system. See the Advanced → Scoring systems section.
Image upload​
In the iframe, the user uploads images by clicking on Click here to add an image. This opens the camera or the file picker.
Users can upload multiple images of the same lesion:
When this happens, all images belong to the same DiagnosticReport and constitute a single call to the device.
Image quality​
The device runs a technology called DIQA that measures the visual quality of every uploaded image. If the score is below 60, the iframe asks the user to re-upload after correcting the issue.
The score is included in the message posted by the iframe:
"originalMedia": {
"type": "Image",
"modality": "Clinical",
"diqaScore": 74, // 👈
// ...
},
Macroscopic image​
macroscopicMedia controls whether the user must upload a context (macroscopic) image:
disabled(default): the field is hidden.optional: the user may upload a macroscopic image.required: the user must upload a macroscopic image to proceed.
This is useful when visual context is essential, for example in clinical assessments where a wide shot complements a close-up.
Extended instructions​
enableExtendedInstructions=1 shows a full set of best practices for taking photos. Default 0 displays a minimal set.
Alternative camera module​
Frameworks such as Ionic often restrict hardware access (particularly the camera) when content is rendered inside an iframe. The standard <input type="file"> flow that the iframe uses by default is blocked in those environments, so we ship an alternative module that requests camera access directly from the iframe.
This issue mainly affects Android devices running Ionic-based applications. You may need to enable enableAlternativeCameraModuleAndroid specifically for those.
enableAlternativeCameraModule=1: turns on the alternative module on every platform.enableAlternativeCameraModuleAndroid=1: turns it on for Android only.
Colors and font family​
Primary and secondary colors are customised through the primary and secondary parameters (hex codes).
For typography, the iframe currently supports Roboto and Montserrat via the fontFamily parameter. Reach out if you need an additional font and we will do our best to include it.
Language​
The interface language is set with the locale parameter (en, es). If you require another language, please contact us.
Extra data​
extraData accepts any string and is attached to the report. It is a convenient place to pass identifiers that should travel with the report but stay hidden from users, such as patient identifiers, insurance providers, or episode references:
const data = toBase64(JSON.stringify({ patient: "XXX", insuranceProvider: "YYY" }));
By default, extraData is stored on the report but not printed in the generated PDF. Set enableExtraDataInPdf=1 to include it in the PDF. This is useful when the PDF is delivered directly to a clinician or patient and the extra data should be visible in the document.
Callback URL override​
During the configuration of your company, the integrator provides a default callback URL to which Legit.Health pushes the diagnostic report once the analysis finishes. The companyCallbackUrl parameter lets you override that default at the iframe level, which is useful when the same company identifier is reused across environments (staging, production) or across products that need the report delivered to different endpoints:
https://iframe.legit.health/?company=XXX&companyCallbackUrl=https://your-server.example.com/legit-health-webhook
The URL must be reachable from the public internet, accept POST requests, and respond with a 2xx status code. The payload your endpoint receives matches the JSON schema described in the Output → JSON Formats section.
companyCallbackUrl enables a push delivery model: Legit.Health POSTs the report to your endpoint as soon as it is ready. If you prefer to pull the report on demand using the report id returned by the analysis_completed postMessage, use the API Endpoint instead. Both models can coexist.
Next Steps​
- Securing production access? See the Security page.
- Want to know which platform-specific code is needed? See the Platforms section.
- Need to handle callbacks from the iframe? See the Callbacks section.