Notion allows users to embed arbitrary web pages, using embed blocks (with the /embed shortcut). A Notion Widget is simply an embeddable web page designed to provide some information or functionality on a Notion page; typically this would be optimized as a small box with minimal or no page headers, footers, etc. Examples of types of Notion widgets include calendars, calculators, count down timers, weather display, a Twitter feed, stock ticker, or stylized buttons instead of simple links. Many users create a dashboard page including a variety of widgets with information they want to have at their fingertips, or some templates benefit from having a general or specialized calculator handy.
Here are some examples of some free Notion widgets that donât require a login to another service.
Minimal Calculator from Notion Widgets Gallery by Shorouk Abdelaziz
Butn to make styled buttons to go to a link:
Flocus Pomodoro Timer by Gridfiti
These are all simple web pages that are marketed as Notion widgets but donât interact with Notion itself in any way.
Yes, but be very careful not to accidentally expose private information, and there are limits to what you can do.
A widget is simply a URL running in an embed block, and Notion doesnât provide any mechanism to communicate between a widget and the page, or, to know what page itâs on, what Notion user is viewing it, or if itâs even running inside a Notion page at all. This makes it tricky to do things in a way that both keep things private and enables collaboration with appropriate users, or that interacts with the specific page itâs loaded in. How much of an issue that is depends on your use case and your users security needs.
One reason you might want a widget is to show information about to the page itâs on, or some other related information, like the database itâs in or the subpages.
You canât reliably make an integration based on showing information in the page itâs embedded in - you can generate a unique URL to show information for a specific page or database, but thereâs no way to guarantee that this is the page itâs actually being displayed in.
For example, lets say you wanted to make a widget to show off some information about word count, reading level, etc. of a pageâs content to help with writing. So you have a UI where your users can generate a link to a specific page, and the user embeds this into a page, and everything works ok at first. But now, the user wants to use this on many pages, so they include it in a template - but now every page made with that template is pointing to the same source page, not information for the page the widget is displayed on.
Lets say you want to make a chart out of information in a Notion database. Itâs completely technically possible to get permission to that data via the API and to make the chart. But when you go to make a widget, it either has to be available without a log in, or, shared with specific people through a separate system than the Notion permissions to the page. The first potentially exposes sensitive information, while the second can make collaboration much more difficult.
That being said, public doesnât mean itâs easy to find. You can create a unique, hard to guess URL, and add metadata like noindex to discourage search engines from indexing it. This then makes it similar to Notionâs Share to Web option (also referred to as public page). Sometimes thatâs enough, but not always, and if you choose this option, make sure to let users know that anyone can access the page with the URL.
Another mitigation is to require a log in. If youâre targeting individual users, adding an option to sign-in, particularly a social sign in like login with Google or Facebook on so that only they can see it is a great option. If youâre targeting corporate users of Notion, such as those using Notionâs Enterprise tier, another level of security would be to add a login leveraging their single sign on systems, like Azure AD, or a tool you expect your specific target audience to be using, like GitHub.
I think these are particularly concerning if your integration lets users edit content in Notion (especially when thatâs not extremely limited), or directly displays non-aggregated data from Notion. A projectâs burndown chart, for example, is far less sensitive than the details of the tasks themselves!
I donât think thereâs any great general solution here at the moment, but there might be something that fits the needs of your integration and the security needs of your users. Solving those problems would likely require a JavaScript widget library provided by Notion to pass information from the host page securely. An example of such an API is the Microsoft Office JavaScript API.
A Notion widget is a small web page thatâs embedded into a Notion page to provide information or functionality, that canât directly interact with the Notion page itâs hosted in. While there probably are use cases for using a Widget in tandem with an API integration, there are currently major usability limitations and security concerns, because thereâs no way to know which Notion user is accessing the widget or which page itâs on.