To embed a Bold BI dashboard securely in your application, you must generate an embedToken
. This token authorizes access to the dashboard and ensures that only permitted users can view or interact with it.
The process for generating an embedding token has shown in below diagram.
Node
/*
Required modules for cryptography, URL parsing, and HTTP requests.
Make sure you have 'express' installed: npm install express
*/
const crypto = require('crypto');
const https = require('https');
const http = require('http');
const url = require('url');
app.post('/tokenGeneration', function () {
// Details needed for generating the embed token
var serverUrl = "< Bold BI server URL >";
var siteIdentifier = "< Bold BI server Site Identifier >";
var dashboardId = "< Dashboard Id >";
var useremail = "< Bold BI server user Email >";
var embedSecret = "< Embed Secret key >";
// Making the BoldBI server API endpoint.
var serverApiUrl = serverUrl + "/api/" + siteIdentifier;
// Adding the query string with nonce, dashboard ID and user email.
var queryString = "embed_nonce=" + crypto.randomUUID();
queryString += "&embed_dashboard_id=" + dashboardId;
queryString += "embed_user_email=" + useremail;
// Signing the querystring with the embed secret key.
var embedSignature = "&embed_signature=" + GetSignatureUrl(queryString,embedSecret);
var embedDetailsUrl = "/embed/authorize?" + queryString + embedSignature;
// Send the request to Bold BI server and returns the embed token.
var serverProtocol = url.parse(serverApiUrl).protocol == 'https:' ? https : http;
serverProtocol.get(serverApiUrl + embedDetailsUrl, function (resultContent) {
let str = '';
resultContent.on('data', function (chunk) {
str += chunk;
});
resultContent.on('end', function () {
const resultJson = JSON.parse(str);
// Check if the response is valid and contains the access token
if (resultJson && resultJson.ApiStatus && resultJson.Data && resultJson.Data.access_token) {
response.json({ access_token: resultJson.Data.access_token });
}
});
});
})
// This function will make the queryString to cryptographically signed using the Embed Secret Key. This signature ensures the integrity and authenticity of the request.
function GetSignatureUrl(queryString,embedSecret)
{
var keyBytes = Buffer.from(embedSecret);
var hmac = crypto.createHmac('sha256', keyBytes);
data = hmac.update(queryString);
gen_hmac= data.digest().toString('base64');
return gen_hmac;
}
To generate a embed token, you need these mandatory values which is used in backend application.
Property | Description |
---|---|
serverUrl |
The base URL of your Bold BI application (e.g.,
https://your-company.boldbi.com/bi ).
|
siteIdentifier |
The unique ID for your Bold BI (e.g., site/tenant) |
dashboardId |
The unique ID of the dashboard you want to embed. How To get: Open the dashboard in BI application and copy the ID from the browser's URL. |
userEmail |
The email of the user viewing the dashboard. This user must exist in Bold BI and have permission to see the dashboard. |
embedSecret |
The secret key used to sign authorization requests. How To get: Retrive this from the Bold BI settings page. |
Important: The
embedSecret
is extremely sensitive. It plays an vital level here. Never expose this key to anyone or any publicly accessible location. It must only be stored and used on your backend server to sign embedding requests.