Search results

Embed Token Generation

To embed a Bold BI dashboard securely in your application, you must generate an embedToken. This token authorizes access to the dashboard and ensures that only permitted users can view or interact with it.

The process for generating an embedding token has shown in below diagram.

Token Generation Flow diagram

Node

/*
  Required modules for cryptography, URL parsing, and HTTP requests.
  Make sure you have 'express' installed: npm install express
*/
const crypto = require('crypto');
const https = require('https');
const http = require('http');
const url = require('url');

app.post('/tokenGeneration', function () {
   
   // Details needed for generating the embed token
    var serverUrl = "< Bold BI server URL >";
    var siteIdentifier = "< Bold BI server Site Identifier >";
    var dashboardId = "< Dashboard Id >";
    var useremail = "< Bold BI server user Email >";
    var embedSecret = "< Embed Secret key >";

    // Making the BoldBI server API endpoint.
    var serverApiUrl = serverUrl + "/api/" + siteIdentifier;

   // Adding the query string with nonce, dashboard ID and user email.
    var queryString = "embed_nonce=" + crypto.randomUUID();
    queryString += "&embed_dashboard_id=" + dashboardId;
    queryString += "embed_user_email=" + useremail;
    
    // Signing the querystring with the embed secret key.
    var embedSignature = "&embed_signature=" + GetSignatureUrl(queryString,embedSecret);
    var embedDetailsUrl = "/embed/authorize?" + queryString + embedSignature;

   // Send the request to Bold BI server and returns the embed token.
   var serverProtocol = url.parse(serverApiUrl).protocol == 'https:' ? https : http;
   serverProtocol.get(serverApiUrl + embedDetailsUrl, function (resultContent) {
    let str = '';
    resultContent.on('data', function (chunk) {
        str += chunk;
    });
    resultContent.on('end', function () {
            const resultJson = JSON.parse(str);
            // Check if the response is valid and contains the access token
            if (resultJson && resultJson.ApiStatus && resultJson.Data && resultJson.Data.access_token) {
                response.json({ access_token: resultJson.Data.access_token });
            }
        });
    });

})

  // This function will make the queryString to cryptographically signed using the Embed Secret Key. This signature ensures the integrity and authenticity of the request.

  function GetSignatureUrl(queryString,embedSecret)
  {
    var keyBytes = Buffer.from(embedSecret);
    var hmac = crypto.createHmac('sha256', keyBytes);
    data = hmac.update(queryString);
    gen_hmac= data.digest().toString('base64');

   return gen_hmac;
  }

To generate a embed token, you need these mandatory values which is used in backend application.

Property Description
serverUrl The base URL of your Bold BI application (e.g., https://your-company.boldbi.com/bi).
siteIdentifier The unique ID for your Bold BI (e.g., site/tenant)
dashboardId The unique ID of the dashboard you want to embed.
How To get: Open the dashboard in BI application and copy the ID from the browser's URL.
userEmail The email of the user viewing the dashboard. This user must exist in Bold BI and have permission to see the dashboard.
embedSecret The secret key used to sign authorization requests.
How To get: Retrive this from the Bold BI settings page.

Important: The embedSecret is extremely sensitive. It plays an vital level here. Never expose this key to anyone or any publicly accessible location. It must only be stored and used on your backend server to sign embedding requests.