Notion Widgets

One term you often see in Notion circles is “Notion Widgets”. But what are they, and how do they relate to Notion Integrations?

What is a widget? #

Notion allows users to embed arbitrary web pages, using embed blocks (with the /embed shortcut). A Notion Widget is simply an embeddable web page designed to provide some information or functionality on a Notion page; typically this would be optimized as a small box with minimal or no page headers, footers, etc. Examples of types of Notion widgets include calendars, calculators, count down timers, weather display, a Twitter feed, stock ticker, or stylized buttons instead of simple links. Many users create a dashboard page including a variety of widgets with information they want to have at their fingertips, or some templates benefit from having a general or specialized calculator handy.

Examples of Widgets #

Here are some examples of some free Notion widgets that don’t require a login to another service.

Minimal Calculator from Notion Widgets Gallery by Shorouk Abdelaziz

Butn to make styled buttons to go to a link:

Flocus Pomodoro Timer by Gridfiti

These are all simple web pages that are marketed as Notion widgets but don’t interact with Notion itself in any way.

Can I use a widget as part of an API integration? #

Yes, but be very careful not to accidentally expose private information, and there are limits to what you can do.

A widget is simply a URL running in an embed block, and Notion doesn’t provide any mechanism to communicate between a widget and the page, or, to know what page it’s on, what Notion user is viewing it, or if it’s even running inside a Notion page at all. This makes it tricky to do things in a way that both keep things private and enables collaboration with appropriate users, or that interacts with the specific page it’s loaded in. How much of an issue that is depends on your use case and your users security needs.

Widgets don’t know what page they’re on #

One reason you might want a widget is to show information about to the page it’s on, or some other related information, like the database it’s in or the subpages.

You can’t reliably make an integration based on showing information in the page it’s embedded in - you can generate a unique URL to show information for a specific page or database, but there’s no way to guarantee that this is the page it’s actually being displayed in.

For example, lets say you wanted to make a widget to show off some information about word count, reading level, etc. of a page’s content to help with writing. So you have a UI where your users can generate a link to a specific page, and the user embeds this into a page, and everything works ok at first. But now, the user wants to use this on many pages, so they include it in a template - but now every page made with that template is pointing to the same source page, not information for the page the widget is displayed on.

Widgets don’t know which Notion user is looking at them #

Lets say you want to make a chart out of information in a Notion database. It’s completely technically possible to get permission to that data via the API and to make the chart. But when you go to make a widget, it either has to be available without a log in, or, shared with specific people through a separate system than the Notion permissions to the page. The first potentially exposes sensitive information, while the second can make collaboration much more difficult.

That being said, public doesn’t mean it’s easy to find. You can create a unique, hard to guess URL, and add metadata like noindex to discourage search engines from indexing it. This then makes it similar to Notion’s Share to Web option (also referred to as public page). Sometimes that’s enough, but not always, and if you choose this option, make sure to let users know that anyone can access the page with the URL.

Another mitigation is to require a log in. If you’re targeting individual users, adding an option to sign-in, particularly a social sign in like login with Google or Facebook on so that only they can see it is a great option. If you’re targeting corporate users of Notion, such as those using Notion’s Enterprise tier, another level of security would be to add a login leveraging their single sign on systems, like Azure AD, or a tool you expect your specific target audience to be using, like GitHub.

I think these are particularly concerning if your integration lets users edit content in Notion (especially when that’s not extremely limited), or directly displays non-aggregated data from Notion. A project’s burndown chart, for example, is far less sensitive than the details of the tasks themselves!

I don’t think there’s any great general solution here at the moment, but there might be something that fits the needs of your integration and the security needs of your users. Solving those problems would likely require a JavaScript widget library provided by Notion to pass information from the host page securely. An example of such an API is the Microsoft Office JavaScript API.

Summary #

A Notion widget is a small web page that’s embedded into a Notion page to provide information or functionality, that can’t directly interact with the Notion page it’s hosted in. While there probably are use cases for using a Widget in tandem with an API integration, there are currently major usability limitations and security concerns, because there’s no way to know which Notion user is accessing the widget or which page it’s on.