Whereby Embedded API
Hosted WebRTC video meeting platform with an Embedded API for integrating video rooms into web applications via iframe or JavaScript SDK. Meetings are created server-side via REST API and participants join via a URL — no app download required. Supports features like recording, breakout groups, waiting rooms, custom branding, locking rooms, and programmatic participant management. Positioned for telehealth, education, and customer support use cases.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
Single API key with no scope granularity is a blast-radius concern. WebRTC media is encrypted in transit (DTLS-SRTP). HIPAA BAA available for healthcare customers. Domain whitelisting provides some embedding protection. GDPR-compliant data processing with EU data residency option.
⚡ Reliability
Best When
You want a fully hosted WebRTC meeting experience with minimal infrastructure management, embedded into your product via iframe or SDK, and your users should not need to install anything.
Avoid When
You need real-time programmatic control over media streams (e.g., AI audio processing, live transcription integration at the media layer), or you need more than ~50 participants per room.
Use Cases
- Embedding a branded video consultation room in a telehealth or therapy platform without building WebRTC infrastructure
- Creating one-time meeting rooms programmatically for each customer support interaction
- Education platforms embedding video classes with teacher-controlled room management
- Customer service tools where agents trigger a video call link from a CRM and share it with customers
- Automated interview scheduling systems that create and share unique room links per appointment
Not For
- Large-scale video broadcasting to hundreds of simultaneous viewers (max ~50 interactive participants)
- Platforms needing deep customization of media processing, codec selection, or raw WebRTC access
- Applications where cost per meeting-minute is a primary concern at scale versus self-hosted solutions
Interface
Authentication
Single API key per organization, passed as a Bearer token in the Authorization header. No per-operation scopes — the API key grants full access to create, delete, and manage all rooms in the organization. Keep the key server-side only.
Pricing
Per-minute billing on meeting participants can add up. Recording storage is metered separately. Verify current pricing at whereby.com as it changes frequently.
Agent Metadata
Known Gotchas
- ⚠ Rooms are created with a default endDate in the future — if no endDate is specified the room may persist indefinitely; agents must explicitly set endDate or delete rooms after use to avoid accumulating billable infrastructure
- ⚠ The hostRoomUrl and roomUrl returned at room creation are the only time these full URLs (with host tokens) are returned; if the agent fails to store the hostRoomUrl, it cannot recover the host-access URL without deleting and recreating the room
- ⚠ Domain whitelisting is required for the embedded iframe to load — the Whereby room will refuse to render if the embedding page's domain has not been added to the account's allowed-domains list; agents setting up new environments must configure this before testing
- ⚠ Webhook events use a simple shared secret for verification rather than HMAC signing; the secret is static and must be rotated manually — agents should validate the secret but also validate event plausibility (roomName, participantId) before acting on webhooks
- ⚠ The JavaScript browser SDK requires a browser context and WebRTC support; it cannot be used in Node.js server environments or headless testing without a real browser runtime — automated test agents must use a real browser (Playwright/Puppeteer) to verify meeting room functionality
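
The webhook gotcha above, sketched as a receiver-side check. This is an added example, not Whereby's or this page's code. It assumes the caller has already extracted the secret from the request, that the event is a parsed JSON object with top-level `roomName` and `participantId` fields, and that the server keeps its own record of rooms it created; all names and sample values are constructed.

```python
import hmac

def validate_webhook(presented_secret, event, accepted_secrets, known_rooms):
    """Return (accepted, reason) for one webhook delivery.

    accepted_secrets: current secret plus, during a manual rotation,
    the previous one, so deliveries are not dropped mid-rotation.
    known_rooms: room names this server created (hypothetical local record).
    """
    if not isinstance(presented_secret, str):
        return False, "bad secret"
    presented = presented_secret.encode()
    # Compare against every accepted secret in constant time; do not
    # short-circuit, so timing does not reveal which secret matched.
    matches = [hmac.compare_digest(presented, s.encode()) for s in accepted_secrets]
    if not any(matches):
        return False, "bad secret"

    # A static shared secret proves little on its own, so also check that
    # the event refers to something this deployment actually knows about.
    if not isinstance(event, dict):
        return False, "malformed event"
    room = event.get("roomName")
    if not isinstance(room, str) or room not in known_rooms:
        return False, "unknown room"
    participant = event.get("participantId")
    if not isinstance(participant, str) or not participant.strip():
        return False, "missing participant"
    return True, "ok"

# Constructed sample data for illustration only.
SECRETS = ["s3cret-current", "s3cret-previous"]
ROOMS = {"/consult-1234", "/support-5678"}
GOOD_EVENT = {"roomName": "/consult-1234", "participantId": "p-42"}

if __name__ == "__main__":
    print(validate_webhook("s3cret-current", GOOD_EVENT, SECRETS, ROOMS))
    print(validate_webhook("guess", GOOD_EVENT, SECRETS, ROOMS))
    print(validate_webhook("s3cret-current",
                           {"roomName": "/not-ours", "participantId": "p-1"},
                           SECRETS, ROOMS))
```

Drop the previous secret from `accepted_secrets` once rotation is complete so an old leaked value stops being honoured.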
Scores are editorial opinions as of 2026-03-06.