Embed Token Generation

To embed a Bold BI dashboard securely in your application, you must generate an embed token. This token authorizes access and ensures that only permitted users can view or interact with the dashboard.

The following diagram illustrates the token generation flow:

Token Generation Flow diagram

Node

/*
  Example: Embed Token Generation (Node.js)
  Requires: express, crypto, https, http, url
  Install express: npm install express
*/

const express = require('express');
const crypto = require('crypto');
const https = require('https');
const http = require('http');
const url = require('url');

const app = express();

app.post('/tokenGeneration', function (req, res) {
  // Required details
  const serverUrl = "<Bold BI Server URL>";
  const siteIdentifier = "<Site Identifier>";
  const dashboardId = "<Dashboard Id>";
  const userEmail = "<User Email>";
  const embedSecret = "<Embed Secret Key>";

  const serverApiUrl = serverUrl + "/api/" + siteIdentifier;

  // Build query string
  let queryString = "embed_nonce=" + crypto.randomUUID();
  queryString += "&embed_dashboard_id=" + dashboardId;
  queryString += "&embed_user_email=" + userEmail;

  // Sign query string
  const embedSignature = "&embed_signature=" + getSignatureUrl(queryString, embedSecret);
  const embedDetailsUrl = "/embed/authorize?" + queryString + embedSignature;

  // Request token from Bold BI server
  const serverProtocol = url.parse(serverApiUrl).protocol === 'https:' ? https : http;
  serverProtocol.get(serverApiUrl + embedDetailsUrl, function (resultContent) {
    let str = '';
    resultContent.on('data', chunk => { str += chunk; });
    resultContent.on('end', function () {
      const resultJson = JSON.parse(str);
      if (resultJson?.ApiStatus && resultJson.Data?.access_token) {
        res.json({ access_token: resultJson.Data.access_token });
      } else {
        res.status(500).json({ error: "Failed to generate embed token" });
      }
    });
  });
});

// Helper function: Sign query string using embedSecret
function getSignatureUrl(queryString, embedSecret) {
  const hmac = crypto.createHmac('sha256', Buffer.from(embedSecret));
  return hmac.update(queryString).digest('base64');
}

To generate an embed token, you need these mandatory values which is used in backend application.

Property	Description
`serverUrl`	Base URL of your Bold BI application (e.g., `https://your-company.boldbi.com/bi`).
`siteIdentifier`	Unique site/tenant identifier in Bold B (e.g., site/tenant)
`dashboardId`	Unique ID of the dashboard How To get: Open the dashboard in BI application and copy the ID from the browser's URL.
`userEmail`	Email of the user viewing the dashboard. The user must exist in Bold BI and have permission to access it.
`embedSecret`	Secret key used to sign authorization requests. How To get: Retrive this from the Bold BI settings page.

Important: The embedSecret is extremely sensitive. It is highly sensitive and critical to security. Never expose this key to anyone or any publicly accessible location. It must only be stored and used on your backend server to sign embedding requests. The embedSecret should never be exposed in client-side code, mobile apps, or browser consoles. Always store and use it only on your backend server to sign requests. The frontend should only receive the generated embed token, never the embedSecret.

Please provide additional information

Thank you for your feedback and comments.We will rectify this as soon as possible!