My Profile
Sign Out
Tickets
Knowledge Base
Login
Articles in this section
Category / Section
  2. Embedding

Difference in Access Tokens from REST APIs and Authorize API in JS Embedding

Published:

Understanding Access Tokens in Bold BI Embedding and Authorization

Overview

In Bold BI, access tokens play a crucial role in securing and authorizing API calls. There are two types of access tokens that are used for different purposes: one obtained from the Authorize API and the other from the REST APIs Embed Secret Authentication or Password Authentication. This article explains the differences between these two types of tokens and their specific use cases in the context of JavaScript embedding and REST API calls.

Access Tokens from Authorize API

The Authorize API is integral to the JavaScript embedding process in Bold BI. It provides not only the access token but also the dashboard details required for embedding. The token obtained from this API is essential for the Embed SDK to make REST API calls to the Bold BI application.

Key Characteristics:

  • The token is part of the response from the Authorize API, which is triggered by the Embed SDK.
  • It is used for making REST API requests for embedding purposes.
  • The token and dashboard details cannot be generated independently. These details can be obtained from Bold BI using the API request call made through the authorize API, this call will be validated using a signature URL.
  • The expiration time of the token can be customized using the JavaScript API parameter “expirationTime” with a maximum value of 7 days. It’s default value is 1 day.

Access Tokens from the REST APIs “Embed Secret Authentication” or “Password Authentication”

These APIs are used to generate access tokens for authorizing general REST API calls. This token is suitable for operations such as retrieving Get_Dashboards REST API but should not be used for embedding dashboards.

Key Characteristics:

  • Suitable for authorizing REST API calls like Get_Dashboards REST API.
  • Not recommended for embedding dashboards, which requires a different authorization process.
  • The token has a fixed lifespan of 7 days and cannot be customized.

Best Practices for Invoking REST APIs

For invoking REST API calls, it is recommended to obtain the access token using the Embed Secret Authentication or Password Authentication. These methods ensure that the token is generated correctly and has the appropriate permissions for the intended API operations.

Conclusion

Understanding the distinction between the access tokens from the Authorize API and the REST APIs Embed Secret Authentication or Password Authentication is important for developers working with Bold BI. The correct usage of these tokens ensures secure and authorized interactions with the Bold BI application, whether for embedding dashboards or making general REST API calls.

Additional References

Was this article useful?
Like
Dislike
Help us improve this page
Please provide feedback or comments
SM
Written by Soundarya Mani Meharan
Updated:
Comments (0)
Please  to leave a comment
Access denied
Access denied