This documentation page assumes that you already have a SeekTable account. Create your free account by signing up.

Generate embed token for secure reports embedding

The embed token API requires "Advanced publishing" to be activated.

With public links for SeekTable reports, you can easily embed reports in internal web portals/apps. This is a simple, no-code/low-code method available in SeekTable for reports that can be accessed via a hyperlink or an iframe. To maintain report security and control access to sensitive published reports, you can enable the JSON Web Token (JWT) access control option in the "Configure Published Report" form:

Configure Published Report: Security tab
NOTE: If you use on-prem SeekTable, please ensure that JWT validation is configured and the embed token API is enabled.

Now this public link can be accessed only with a valid (non-expired) embed token. This embed token can be generated via API:

POST {SeekTable_BaseUrl}/api/report/embed/generatetoken
{SeekTable_BaseUrl} (required) For cloud SeekTable: https://www.seektable.com/
For on-prem SeekTable: your installation base URL.
Header: Authorization (required) Public link owner's API key (Manage Account → Get API Key).
Request body (required) JSON object with embedding context properties (all of them are optional):
{
  "LifetimeInMinutes": 120,
  "ReportIds":["public_link_id"],
  "ReportParameters": {"viewer_id" : "host_app_user_id" }
}
LifetimeInMinutes
The maximum lifetime of the token in minutes, starting from the time it was generated. Default value is 60. For cloud SeekTable, this value cannot exceed 1440.
ReportIds
Restricts usage of this embed token only to specified IDs. This array can contain a report ID, a public link ID or a dashboard ID. To allow access to all JWT-protected public links (owned by the API key's user) do not specify this property or set it to null.
ReportParameters
You can 'hardcode' some report parameters in the embed token. End users will not be able to see or change these parameters; in this way you can pass the user's context data (such as user_id, company_id, etc.) to apply RLS (row-level security) rules and restrict access to records depending on the viewer.
Response: HTTP/200 (OK) when the embed token is generated successfully, with a JSON object in the response body:
{
  "Token": "token_value_for_public_link_auth_parameter",
  "TokenId": "unique_token_identifier"
}
curl -v -H "Authorization: SEEKTABLE_ACCOUNT_API_KEY" -X POST -H "Content-Type: application/json" -d "{}" SEEKTABLE_BASE_URL/api/report/embed/generatetoken

Important: Embed tokens must be generated server-side within your application. Client-side generation is strictly forbidden because it would expose your API key, allowing end-users unrestricted access to all your reports.

Once your host web app obtains an embed token, it can be cached for the current user (for a short period of time, according to the token's lifetime) and added to the public link URL in the auth parameter, for example:

<iframe border="0" frameborder="0" style="width:100%; height: calc(100vh - 100px)"
      src="{SeekTable_BaseUrl}/public/report/{PublicLinkId}?auth={Token}"></iframe>
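An added example (not SeekTable's own code) of the server-side flow described above: it requests a token restricted to one public link and one viewer, caches it until shortly before expiry, and builds the iframe URL. The function and class names, the 30-minute lifetime and the 60-second refresh margin are assumptions; `viewer_id` is the sample parameter name from the request body above.

```python
import json
import time
import urllib.request
from urllib.parse import quote

BASE_URL = "https://www.seektable.com"  # cloud base URL; use your own for on-prem

def build_token_request(api_key, public_link_id, viewer_id, lifetime_min):
    """POST for generatetoken, scoped to one public link and one viewer."""
    body = {
        "LifetimeInMinutes": lifetime_min,
        "ReportIds": [public_link_id],                 # token is rejected for other links
        "ReportParameters": {"viewer_id": viewer_id},  # fixed here, not editable by the viewer
    }
    return urllib.request.Request(
        BASE_URL + "/api/report/embed/generatetoken",
        data=json.dumps(body).encode("utf-8"),
        headers={"Authorization": api_key, "Content-Type": "application/json"},
        method="POST",
    )

def http_send(req):  # default transport: perform the call, return parsed JSON
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class EmbedTokenCache:
    """Per-(link, viewer) token cache that refreshes shortly before expiry."""
    def __init__(self, api_key, send=http_send, clock=time.monotonic,
                 lifetime_min=30, margin_s=60):
        self._api_key, self._send, self._clock = api_key, send, clock
        self._lifetime_min, self._margin_s = lifetime_min, margin_s
        self._tokens = {}  # (public_link_id, viewer_id) -> (token, refresh_at)

    def token_for(self, public_link_id, viewer_id):
        # viewer_id must come from the authenticated server-side session, not from the browser.
        key, now = (public_link_id, viewer_id), self._clock()
        cached = self._tokens.get(key)
        if cached and now < cached[1]:
            return cached[0]
        reply = self._send(build_token_request(
            self._api_key, public_link_id, viewer_id, self._lifetime_min))
        token = reply["Token"]
        self._tokens[key] = (token, now + self._lifetime_min * 60 - self._margin_s)
        return token

    def iframe_src(self, public_link_id, viewer_id):
        token = self.token_for(public_link_id, viewer_id)
        return (f"{BASE_URL}/public/report/{quote(public_link_id, safe='')}"
                f"?auth={quote(token, safe='')}")
```

Keying the cache on both the link and the viewer keeps one user's hardcoded parameters from being served to another user.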