Wednesday, February 15, 2023
HomeBig DataScale Amazon QuickSight embedded analytics with new API-based area permit itemizing

Scale Amazon QuickSight embedded analytics with new API-based area permit itemizing

Amazon QuickSight is a fully-managed, cloud-native enterprise intelligence (BI) service that makes it simple to connect with your knowledge, create interactive dashboards, and share these with tens of 1000’s of customers, both inside QuickSight itself or embedded in apps and portals.

QuickSight Enterprise Version just lately launched the flexibility to dynamically permit checklist the domains the place QuickSight content material might be embedded. This permits builders to shortly embed dashboards throughout a number of apps, portals, or web sites, with no need to make this modification on the QuickSight administrative console each time. Along with QuickSight’s present dashboard theming and templating capabilities, this new characteristic permits builders to quickly develop and deploy QuickSight dashboards and visualizations for a wide range of use instances throughout varied purposes with ease. Let’s check out how this works.

Resolution overview

To embed a QuickSight dashboard utilizing APIs, you need to use one of many following embedding APIs:

In these APIs, now you can move the area the place you need to embed your dashboard utilizing the brand new parameter AllowedDomains:

POST /accounts/AwsAccountId/embed-url/registered-user HTTP/1.1
Content material-type: utility/json
   "AllowedDomains": [ "string" ],
   "ExperienceConfiguration": { 
      "Dashboard": { 
         "InitialDashboardId": "string"
      "QSearchBar": { 
         "InitialTopicId": "string"
      "QuickSightConsole": { 
         "InitialPath": "string"
   "SessionLifetimeInMinutes": quantity,
   "UserArn": "string"

You may add as much as three domains in a single API name as an array checklist. All of the domains must be SSL enabled (utilizing HTTPS protocol). If you wish to check out the embedded dashboard in your native machine, you’ll be able to permit checklist http://localhost through the AllowedDomains parameter. For instance, if you wish to embed a dashboard in your SaaS utility known as, you set AllowedDomains to be within the API name. You may also allow sub domains by passing *, for instance, https://*

AllowedDomains is an non-obligatory parameter. If you happen to don’t specify any domains through this parameter, you’ll be able to nonetheless use the domains permit listed through the QuickSight console. However in case you specify domains through this parameter, then the embedding URL returned as a part of the API name is barely embeddable in these domains (even if in case you have a listing of static domains entered on the QuickSight console).

Previous to this functionality, the Content material-Service-Coverage within the request header listed all of the domains permit listed in QuickSight console. Now when permit itemizing the domains utilizing the API, the Content material-Service-Coverage solely exhibits the domains which are permit listed within the API name.

With this new functionality, ISVs which have totally different purposes for various clients can permit checklist particular domains at runtime, enabling them to scale simply for various clients and to tons of of 1000’s of end-users.

As an added safety, the AWS Identification and Entry Administration (IAM) admin of your QuickSight account can prohibit the domains that may be permit listed. This may be accomplished when your IAM admin units up permissions to your utility or server. As a part of this step, you’ll be able to specify the checklist of domains that may be permit listed through the embedding APIs. For instance, let’s assume you need your builders to solely permit checklist the next domains:

You may set these domains within the quicksight:AllowedEmbeddingDomain of the permissions setup. The next code is a pattern for the GenerateEmbedURLForAnonymousUser API:

    "Model": "2012-10-17",
    "Assertion": [
            "Effect": "Allow",
            "Action": [
            "Useful resource": "arn:partition:quicksight:area:accountId:person/namespace/userName",
            "Situation": {
                "ForAllValues:StringEquals": {
                    "quicksight:AllowedEmbeddingDomains": [

Pattern use case

On this instance use case, Journey Analytics is a software program as a service (SaaS) supplier with travel-related options for varied journey businesses. They’ve a SaaS utility for these businesses to trace totally different metrics on how their enterprise is performing. As a result of Journey Analytics is scaling their enterprise, they’ve totally different websites for various journey businesses. With the newly launched area permit itemizing with APIs, they’re in a position to scale with ease. They permit checklist the particular domains, relying on the shopper, through the API when producing the embedding URL.

The next code exhibits their pattern GenerateEmbedURLForAnonymousUser API name with the area added to the request:

The returned URL can solely be embedded within the area that was permit listed as a part of the previous request. The next is a screenshot of the embedded dashboard on this area.

The CSP header has solely the particular permit listed area through the API when the dashboard is embedded.


Runtime area permit itemizing utilizing embedding APIs permits builders to scale their embedded choices with QuickSight dashboards, visuals, QuickSight Q (pure language querying), or authoring expertise throughout totally different domains for his or her totally different clients simply. All of that is accomplished with none infrastructure setup or administration, whereas scaling to tens of millions of customers. For extra data, confer with Amazon QuickSight Embedded Analytics and What’s New within the Amazon QuickSight Consumer Information.

In regards to the authors

Vetri Natarajan is a Specialist Options Architect for Amazon QuickSight. Vetri has 15 years of expertise implementing enterprise Enterprise Intelligence (BI) options and greenfield knowledge merchandise. Vetri focuses on integration of BI options with enterprise purposes and allow data-driven choices.

Kareem Syed-Mohammed is a Product Supervisor at Amazon QuickSight. He focuses on embedded analytics, APIs, and developer expertise. Previous to QuickSight he has been with AWS Market and Amazon retail as a PM. Kareem began his profession as a developer after which PM for name heart applied sciences, Native Skilled and Adverts for Expedia. He labored as a guide with McKinsey and Firm for a short time.


Most Popular