To embed a Bold BI dashboard securely in your application, you must generate an embed token
.
This token authorizes access and ensures that only permitted users can view or interact with the dashboard.
The following diagram illustrates the token generation flow:
Node
/*
Example: Embed Token Generation (Node.js)
Requires: express, crypto, https, http, url
Install express: npm install express
*/
const express = require('express');
const crypto = require('crypto');
const https = require('https');
const http = require('http');
const url = require('url');
const app = express();
app.post('/tokenGeneration', function (req, res) {
// Required details
const serverUrl = "<Bold BI Server URL>";
const siteIdentifier = "<Site Identifier>";
const dashboardId = "<Dashboard Id>";
const userEmail = "<User Email>";
const embedSecret = "<Embed Secret Key>";
const serverApiUrl = serverUrl + "/api/" + siteIdentifier;
// Build query string
let queryString = "embed_nonce=" + crypto.randomUUID();
queryString += "&embed_dashboard_id=" + dashboardId;
queryString += "&embed_user_email=" + userEmail;
// Sign query string
const embedSignature = "&embed_signature=" + getSignatureUrl(queryString, embedSecret);
const embedDetailsUrl = "/embed/authorize?" + queryString + embedSignature;
// Request token from Bold BI server
const serverProtocol = url.parse(serverApiUrl).protocol === 'https:' ? https : http;
serverProtocol.get(serverApiUrl + embedDetailsUrl, function (resultContent) {
let str = '';
resultContent.on('data', chunk => { str += chunk; });
resultContent.on('end', function () {
const resultJson = JSON.parse(str);
if (resultJson?.ApiStatus && resultJson.Data?.access_token) {
res.json({ access_token: resultJson.Data.access_token });
} else {
res.status(500).json({ error: "Failed to generate embed token" });
}
});
});
});
// Helper function: Sign query string using embedSecret
function getSignatureUrl(queryString, embedSecret) {
const hmac = crypto.createHmac('sha256', Buffer.from(embedSecret));
return hmac.update(queryString).digest('base64');
}
To generate an embed token, you need these mandatory values which is used in backend application.
Property | Description |
---|---|
serverUrl |
Base URL of your Bold BI application (e.g.,
https://your-company.boldbi.com/bi ).
|
siteIdentifier |
Unique site/tenant identifier in Bold B (e.g., site/tenant) |
dashboardId |
Unique ID of the dashboard How To get: Open the dashboard in BI application and copy the ID from the browser's URL. |
userEmail |
Email of the user viewing the dashboard. The user must exist in Bold BI and have permission to access it. |
embedSecret |
Secret key used to sign authorization requests. How To get: Retrive this from the Bold BI settings page. |
Important: The
embedSecret
is extremely sensitive. It is highly sensitive and critical to security. Never expose this key to anyone or any publicly accessible location. It must only be stored and used on your backend server to sign embedding requests. TheembedSecret
should never be exposed in client-side code, mobile apps, or browser consoles. Always store and use it only on your backend server to sign requests. The frontend should only receive the generated embed token, never the embedSecret.