# Get started with the Contact Center SDK for web

<!-- WARNING: THIS FILE WAS AUTOGENERATED! DO NOT EDIT! -->

> These Contact Center SDK docs are for developers who may not be Contact Center users or admins. To learn to configure campaigns, use flows, and other admin tasks, go to [Zoom's user support docs](https://support.zoom.com/hc/en/search?id=search#q=Contact%20Center&t=All&sort=relevancy).

The Contact Center SDK for web lets users engage with agents directly through video and chat without leaving your app.

## Requirements

To add the video or chat client, you must satisfy these prerequisites.

-   Use a verified subdomain. See [Managing Zoom Contact Center verified domains](https://support.zoom.us/hc/en-us/articles/6985492329357) for details.
-   Have a video or chat flow to get the code to add the client to your page. See [Adding or duplicating a flow](https://support.zoom.us/hc/en-us/articles/4423986675085) for details.
-   Have a Contact Center license and an [entry ID](https://support.zoom.us/hc/en-us/articles/4470447059597) (used to start a video or chat flow).
-   Add the [Content Security Policy header](#content-security-policy-header) to your web server.

### Content Security Policy header

If you're using Content Security Policy (CSP) on your browsers and want to use any Zoom SDK for web, you must configure your web server to return the Content-Security-Policy header. For example, using the [Nginx `add_header` directive](https://nginx.org/en/docs/http/ngx_http_headers_module.html).

```plaintext
add_header 'Content-Security-Policy' "default-src 'self';base-uri 'self';worker-src blob:;style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://zoom.us *.zoom.us dmogdx0jrul3u.cloudfront.net blob:;connect-src 'self' https://zoom.us https://*.zoom.us wss://*.zoom.us;img-src 'self' https:;media-src 'self' https:;font-src 'self' https:;"
```

For more on CSP, see the [Mozilla](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP), [web.dev](https://web.dev/csp/), or [W3C](https://www.w3.org/TR/CSP3/) documentation.

You'll need to add this if you see something like this error in the browser console.

```plaintext
CompileError: WebAssembly.instantiate(): Refused to compile or instantiate WebAssembly module because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'strict-dynamic' 'nonce-LxlpktY6Sou9E-ZC46OlZA' blob: https: 'unsafe-inline'"
at 3afbd0c1-54af-4f01-9d3f-8ffb8dcb31cf:1:22144
```

Note: If your browser supports it, you can use `wasm-unsafe-eval` instead of `unsafe-eval`. However, not all browsers support this. See the mdn web docs for [CSP: script-src: Unsafe WebAssembly execution](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src#unsafe_webassembly_execution) for details.

## Support for PWA

Make sure that your web app supports PWA without impacting existing desktop support. Learn more about [creating apps for the Contact Center for web](/docs/contact-center/apps/create-zcc-apps/).