This guide discusses how to embed Mattermost into other applications in different ways.
Any web application embedded into another using an iframe is at risk of security exploits, since the outer application intercepts all user input into the embedded application, an exploit known as Click-Jacking. By default, Mattermost disables embedding. If you choose to embed Mattermost we highly recommend it is done only on a private network that you control.
See this recipe for details.
The mobile applications also provide full source code for push notifications.