
Quick BI: Security Enhancement Solution for Embedded Data Permission Control and Parameter Transmission in Reports

Last Updated: Sep 18, 2025

This topic describes how to use the ticket-based report embedding solution to embed reports into third-party systems without requiring a logon. This topic also explains how to control permissions for Quick BI reports that are embedded in third-party systems and use ticket management to prevent data breaches that are caused by malicious link sharing. This solution applies to Quick BI Professional Edition.

Note

Notes on passing parameters in embedded reports:

  1. In embedded integration scenarios, you can use global parameters to provide different views of the same report to different users.

  2. The feature for passing parameters in embedded reports is available only to enterprise customers who have 100 or more users of Quick BI Professional Edition.

Background information

Quick BI offers a security-enhanced embedded analytics solution, known as the ticket-based report embedding solution. When you use Quick BI Professional Edition, you can implement comprehensive security control for links, access, and data viewing. This solution helps you integrate with enterprise business systems at a low cost and efficiently build data products that reflect your brand.

Precautions

Note the following items when you use the ticket-based report embedding solution:

  • You can embed only dashboards, workbooks, data dashboards, ad hoc analysis reports, data entry reports, or reports from Downloads into other systems.

  • To try the global parameters feature, contact the Quick BI operations owner.

  • Quick BI Professional Edition supports the enhanced solution. The Pro edition supports only the basic solution.

    The basic solution and the enhanced solution provide different features. For more information, see the following table.

    | Feature | Basic solution | Enhanced solution |
    | --- | --- | --- |
    | Attached user | Report owner. This value cannot be modified. | Customizable. This lets you provide different views to different users. |
    | Access count | Up to 100,000 times per ticket. | Unlimited. You can customize the access count. |
    | Watermark | Not supported. | Supported. (This does not apply if the large screen does not support watermarks.) |
    | Validity period | Up to 240 minutes. | Customizable. |
    | Global parameters | Not supported. | Supported. |
    | Block embedding | Not supported. | Supported. |
    | Number of redirects (Note: Embedding must also be enabled for the report to which you are redirected.) | Only one redirect is allowed. For example, if Report A is redirected to Report B, Report B cannot be redirected to Report C. | An unlimited number of redirects are supported. For example, if Report A is redirected to Report B, Report B can be redirected to Report C, and Report C can be redirected to another report. |

Note

This topic uses the domain name for the China (Hong Kong) region (bi-cn-hongkong.data.aliyun.com) as an example for URL concatenation. You must replace it with the domain name for your site.

Step 1: Enable embedding for a report

You can configure the report embedding feature only when the report is in the Published state.

You can enable report embedding from the Open Platform module by performing the following steps:

  1. On the Quick BI home page, follow the instructions in the following figure to go to the embed report page.

  2. On the Add Embedded Report page, select the target workspace and object type. In the list, select the data object name and click Enable Embedding.

    If the list contains many reports, you can enter a report name to quickly find the report.

  3. In the Report Embedding Configuration dialog box, configure the parameters.

    Important

    The debugging feature is for trial purposes only. For production environments, you must complete Step 2: Generate an AccessTicket using an API operation and Step 3: Concatenate the single sign-on URL.

    | Parameter | Description |
    | --- | --- |
    | Embedded Object | Select the object to embed. If you select Entire Page, the current dashboard is embedded. If you select a widget, the specified widget in the current dashboard is embedded. |
    | Display Configuration | Specifies whether to display the title of the current dashboard after the dashboard is embedded. |
    | Security Authentication Type and Ticket Link | Select Ticket Authentication and generate a ticket link. You can manually enter a ticket link or click Quick Generate to generate a ticket. On the ticket generation page, you can set the attached user, validity period, watermark parameters, access count, and global parameters. |
    | Get Embedding Code | You can generate a URL Link and Iframe Code. Note: You can add the locale parameter to the URL to specify the language of the embedded page. You can set the locale parameter to zh-CN (Chinese) or en-US (English). The following figure shows how to set the language of the embedded page to Chinese. |

  4. Click Copy.

Step 2: Generate an AccessTicket using an API operation

  1. Call the CreateTicket API operation to generate the ticket required for report embedding.

    The following table describes the parameters that you can configure to generate an AccessTicket.

    | Parameter | Type | Description |
    | --- | --- | --- |
    | WorksId | String | The ID of the report for which embedding is enabled. Dashboards, workbooks, data dashboards, reports from Downloads, ad hoc analysis reports, and data entry reports are supported. |
    | CmptId | String | The ID of a widget in one of the preceding reports. To obtain the widget ID, call the QueryWorksBloodRelationship API operation. |
    | TicketNum | Integer | The number of times that the ticket can be used. Default value: 1. Recommended value: 1. Maximum value: 99999. Each time the ticket is used for access, the remaining number of times that the ticket can be used is reduced by one. |
    | UserId | String | The ID of the Quick BI user. This is not your Alibaba Cloud account ID. You can call the QueryUserInfoByAccount API operation to obtain the user ID. Example: fe67f61a35a94b7da1a34ba174a7****. Note: Enter a value for either UserId or AccountName. If you leave both empty, the report owner is used by default. To configure row-level permissions, see Appendix 1: Configure row-level permissions. |
    | AccountName | String | The name of the user account. If the user uses an Alibaba Cloud account, such as wangwu, the format is [Alibaba Cloud account]. Example: wangwu. If the user uses a RAM user, such as zhangsan**@aliyun.cn, the format is [Alibaba Cloud account:RAM user]. Example: wangwu:zhangsan**. Note: Enter a value for either UserId or AccountName. If you leave both empty, the report owner is used by default. To configure row-level permissions, see Appendix 1: Configure row-level permissions. |
    | AccountType | Integer | The type of the user account. 1: Alibaba Cloud account. 3: Quick BI-specific account. 5: RAM user. Note: If you specify AccountName, you must also specify AccountType. |
    | ExpireTime | Integer | The expiration time. Unit: minutes. Default value: 240. This is the maximum value for page debugging. You can customize this value using the API operation. The maximum value is the maximum value of the Integer type. |
    | WatermarkParam | String | The watermark parameter of the report. The value cannot exceed 50 characters in length. |
    | GlobalParam | String | The global parameters for the report filter conditions. The value is a JSON string. Note: To use the global parameters feature, contact the Quick BI operations owner. |

    Note

    • To prevent link sharing, set TicketNum to 1. This setting means the generated third-party embedded link can be accessed only once.

    • When you embed a report, you can attach the WatermarkParam watermark parameter.

  2. Generate the AccessTicket.

    For sample code, see SDK example.

    The following code shows an example of a returned result:

    {
      "requestId" : "7D784AB0-5B77-077E-B628-E782B58D3898",
      "result" : "fd138bcb-****-4fde-b413-81bcee59bdb6",
      "success" : true
    }

    Note

    The value of the result field is the AccessTicket generated by this API call. In this example, the AccessTicket is fd138bcb-****-4fde-b413-81bcee59bdb6.

Step 3: Concatenate the single sign-on URL

The following table shows the concatenation process and provides examples.

| Process | Dashboard example | Workbook example | Downloads example | Data dashboard example | Ad hoc analysis example | Data entry example |
| --- | --- | --- | --- | --- | --- | --- |
| 1. Obtain the Quick BI domain name | bi-cn-hongkong.data.aliyun.com | bi-cn-hongkong.data.aliyun.com | bi-cn-hongkong.data.aliyun.com | bi-cn-hongkong.data.aliyun.com | bi-cn-hongkong.data.aliyun.com | bi-cn-hongkong.data.aliyun.com |
| 2. Obtain the report preview URL | token3rd/dashboard/view/pc.htm | token3rd/report/view.htm | token3rd/offline/view/pc.htm | token3rd/screen/view/pc.htm | token3rd/analysis/view/pc.htm | token3rd/dataform/view.htm |
| 3. Obtain the report ID | dd0****83f | 42****18ef6 | 22****9pek0 | 27****an79d | 7f****5dda | 29****df453 |
| 4. Obtain the AccessTicket | fd138bcb-****-4fde-b413-81bcee59bdb6 | fd138bcb-****-4fde-b413-81bcee59bdb6 | fd138bcb-****-4fde-b413-81bcee59bdb6 | fd138bcb-****-4fde-b413-81bcee59bdb6 | fd138bcb-****-4fde-b413-81bcee59bdb6 | fd138bcb-****-4fde-b413-81bcee59bdb6 |

The following list describes the concatenation formats and provides example report URLs.

  • Dashboard URL format: https://<Quick BI domain name>/<Report preview URL>?pageId=<Report ID>&accessTicket=<AccessTicket>. Example:

    https://bi-cn-hongkong.data.aliyun.com/token3rd/dashboard/view/pc.htm?pageId=dd0****83f&accessTicket=fd138bcb-****-4fde-b413-81bcee59bdb6

  • Workbook URL format: https://<Quick BI domain name>/<Report preview URL>?id=<Report ID>&accessTicket=<AccessTicket>. Example:

    https://bi-cn-hongkong.data.aliyun.com/token3rd/report/view.htm?id=<42****18ef6>&accessTicket=fd138bcb-****-4fde-b413-81bcee59bdb6

  • Downloads URL format: https://<Quick BI domain name>/<Report preview URL>?pageId=<Report ID>&accessTicket=<AccessTicket>. The following example shows the URL for the China (Hong Kong) site:

    https://bi-cn-hongkong.data.aliyun.com/token3rd/offline/view/pc.htm?pageId=<42****18ef6>&accessTicket=fd138bcb-****-4fde-b413-81bcee59bdb6

  • Data dashboard URL format: https://<Quick BI domain name>/<Report preview URL>?pageId=<Report ID>&accessTicket=<AccessTicket>. The following example shows the URL for the China (Hong Kong) site:

    https://bi-cn-hongkong.data.aliyun.com/token3rd/screen/view/pc.htm?pageId=<42****18ef6>&accessTicket=fd138bcb-****-4fde-b413-81bcee59bdb6

  • Ad hoc analysis URL format: https://<Quick BI domain name>/<Report preview URL>?pageId=<Report ID>&accessTicket=<AccessTicket>. The following example shows the URL for the China (Hong Kong) site:

    https://bi-cn-hongkong.data.aliyun.com/token3rd/analysis/view.htm?id=<xxx>&accessTicket=<xxx>

  • Data entry URL format: https://<Quick BI domain name>/<Report preview URL>?pageId=<Report ID>&accessTicket=<AccessTicket>. The following example shows the URL for the China (Hong Kong) site:

    https://bi-cn-hongkong.data.aliyun.com/token3rd/dataform/view.htm?id=<xxx>&accessTicket=<xxx>

To embed a widget in a report, append &cmptId=XXX to the report URL. For example, to embed a widget in a workbook, use the following URL:

https://bi-cn-hongkong.data.aliyun.com/token3rd/report/view.htm?id=<42****18ef6>&accessTicket=fd138bcb-****-4fde-b413-81bcee59bdb6&cmptId=XXX

  1. Obtain the Quick BI domain name.

    For example, the domain name for the Quick BI site in the China (Hong Kong) region is bi-cn-hongkong.data.aliyun.com. You must use the domain name of your specific environment.

  2. Obtain the report preview URL.

    The following list provides the preview page URLs for different types of reports. Select the URL that you need.

    • Dashboard: token3rd/dashboard/view/pc.htm

    • Workbook: token3rd/report/view.htm

    • Data dashboard: token3rd/screen/view/pc.htm

    • Downloads: token3rd/offline/view/pc.htm

    • Ad hoc analysis: token3rd/analysis/view/pc.htm

    • Data entry: token3rd/dataform/view.htm

  3. On the report editing page, obtain the report ID.

    • Dashboard ID. Example: d01****c5f.

      On the dashboard editing page, obtain the value of pageId from the address bar.

    • Workbook ID. Example: d0****3ba88.

      On the workbook editing page, obtain the workbook ID from the address bar.

    • Data dashboard ID. Example: 3c****26b.

      On the data dashboard editing page, obtain the value of pageId from the address bar.

    • Downloads ID. Example: b2****47.

      On the Downloads editing page, obtain the value of pageId from the address bar.

    • Ad hoc analysis ID. Example: 7f****da.

      On the ad hoc analysis editing page, obtain the value of pageId from the address bar.

    • Data entry ID. Example: 29****53.

      On the data entry editing page, obtain the value of pageId from the address bar.

  4. Concatenate the Quick BI domain name, report preview URL, report ID, and the AccessTicket from Step 2 to create the request URL.

    • Dashboard URL format: https://<Quick BI domain name>/<Report preview URL>?pageId=<Report ID>&accessTicket=<AccessTicket>

    • Workbook URL format: https://<Quick BI domain name>/<Report preview URL>?id=<Report ID>&accessTicket=<AccessTicket>

    • Data dashboard URL format: https://<Quick BI domain name>/<Report preview URL>?pageId=<Report ID>&accessTicket=<AccessTicket>

    • Downloads URL format: https://<Quick BI domain name>/<Report preview URL>?pageId=<Report ID>&accessTicket=<AccessTicket>

    • Ad hoc analysis URL format: https://<Quick BI domain name>/<Report preview URL>?id=<Report ID>&accessTicket=<AccessTicket>

    • Data entry URL format: https://<Quick BI domain name>/<Report preview URL>?id=<Report ID>&accessTicket=<AccessTicket>
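The concatenation in steps 1 to 4, as an added example that is not part of the original documentation. The function names and the dictionary labels are hypothetical, the query keys follow the URL format list in step 4, and all IDs are constructed; because the URL carries the AccessTicket, the second function redacts it before the URL is logged.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Preview path and report-ID query key per report type, as listed in steps 2
# and 4 above. The dictionary keys are labels chosen for this example.
REPORT_TYPES = {
    "dashboard": ("token3rd/dashboard/view/pc.htm", "pageId"),
    "workbook": ("token3rd/report/view.htm", "id"),
    "data_dashboard": ("token3rd/screen/view/pc.htm", "pageId"),
    "downloads": ("token3rd/offline/view/pc.htm", "pageId"),
    "ad_hoc_analysis": ("token3rd/analysis/view/pc.htm", "id"),
    "data_entry": ("token3rd/dataform/view.htm", "id"),
}
LOCALES = {"zh-CN", "en-US"}


def build_embed_url(domain, report_type, report_id, access_ticket,
                    cmpt_id=None, locale=None):
    """Hypothetical helper: concatenate the ticket URL for one report."""
    if not re.fullmatch(r"[A-Za-z0-9.-]+", domain):
        raise ValueError("domain must be a bare host name")
    if report_type not in REPORT_TYPES:
        raise ValueError(f"unknown report type {report_type!r}")
    path, id_key = REPORT_TYPES[report_type]
    query = {id_key: report_id, "accessTicket": access_ticket}
    if cmpt_id is not None:
        query["cmptId"] = cmpt_id  # embed a single widget
    if locale is not None:
        if locale not in LOCALES:
            raise ValueError("locale must be zh-CN or en-US")
        query["locale"] = locale
    # urlencode escapes every value so it cannot add or alter parameters.
    return f"https://{domain}/{path}?{urlencode(query)}"


def redact_ticket(url):
    """Replace the accessTicket value before the URL is written to a log."""
    parts = urlsplit(url)
    pairs = [(k, "REDACTED" if k == "accessTicket" else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))


if __name__ == "__main__":
    # Constructed sample values, not real IDs or tickets.
    url = build_embed_url("bi-cn-hongkong.data.aliyun.com", "workbook",
                          "sample-report-id", "sample-ticket", cmpt_id="w1")
    print(redact_ticket(url))
```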

Appendix 1: Configure row-level permissions

If you do not specify the UserId and AccountName parameters, the viewing permissions for the embedded report default to those of the report owner. To attach the permissions of a specific user, follow the instructions in the following figure to configure row-level permissions, and then set the UserId or AccountName parameter.

For more information, see Row- and column-level permissions.

Appendix 2: Global parameter generation

Set the required global parameters in the target dashboard or workbook. These global parameters are used when you attach reports and generate AccessTickets.

The parameter name for global parameters is GlobalParam. The parameter value is a JSON array:

[
  {
    "paramKey": "price", // Global parameter key
    "joinType": "and",   // Join type. Use 'and'.
    "conditionList": [
      {
        "operate": "=", // Operator. See the description below.
        "value": "1"    // Value. For multiple values, use an array, such as ["1", "2"].
      },
      {
        "operate": "=", // Operator. See the description below.
        "value": "2"    // Value. For multiple values, use an array, such as ["1", "2"].
      }
    ]
  },
  {
    "paramKey": "area", // Global parameter key
    "joinType": "and",   // Join type. Use 'and'.
    "conditionList": [
      {
        "operate": "in",          // Operator
        "value": ["North China","South China"]    // Value. For multiple values, use an array.
      }
    ]
  }
]

The following table describes the common enumerations for the operate field of a global parameter.

| Operator (operate) | Description | Notes |
| --- | --- | --- |
| = | Equal to | - |
| != | Not equal to | - |
| > | Greater than | - |
| >= | Greater than or equal to | - |
| < | Less than | - |
| <= | Less than or equal to | - |
| in | in | The parameter value must be an array. |
| not-in | not in | The parameter value must be an array. |
| like | like | Fuzzy match for keywords. SQL automatically parses this into like '%{value}%'. |
| contain | String contains | SQL automatically parses this into like '%{value}%'. |
| start-with | String starts with | SQL automatically parses this into like '{value}%'. |
| end-with | String ends with | SQL automatically parses this into like '%{value}'. |
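An added example, not part of the original documentation, that builds a GlobalParam value from the operator table above and checks a set of CreateTicket parameters against the limits in Step 2 before the API is called. The function names are hypothetical, the sample IDs are constructed, and the warnings reflect the page's advice on TicketNum and on the report owner default.

```python
import json

# Operators from the "operate" table above; "in" and "not-in" need an array.
OPERATORS = {"=", "!=", ">", ">=", "<", "<=", "in", "not-in",
             "like", "contain", "start-with", "end-with"}
ARRAY_OPERATORS = {"in", "not-in"}
ACCOUNT_TYPES = {1, 3, 5}  # Alibaba Cloud account, Quick BI account, RAM user


def build_global_param(filters):
    """Hypothetical helper: {paramKey: [(operate, value), ...]} -> JSON string."""
    items = []
    for key, conditions in filters.items():
        cond_list = []
        for operate, value in conditions:
            if operate not in OPERATORS:
                raise ValueError(f"{key}: unknown operator {operate!r}")
            if operate in ARRAY_OPERATORS and not isinstance(value, list):
                raise ValueError(f"{key}: {operate!r} needs an array value")
            cond_list.append({"operate": operate, "value": value})
        items.append({"paramKey": key, "joinType": "and",
                      "conditionList": cond_list})
    return json.dumps(items, ensure_ascii=False)


def check_ticket_params(p):
    """Hypothetical linter: return (errors, warnings) for CreateTicket params."""
    errors, warnings = [], []
    ticket_num = p.get("TicketNum", 1)  # documented default is 1
    if ticket_num > 99999:
        errors.append("TicketNum exceeds the maximum of 99999")
    elif ticket_num > 1:
        warnings.append("TicketNum > 1: a shared link stays usable")
    if p.get("AccountName") and p.get("AccountType") not in ACCOUNT_TYPES:
        errors.append("AccountName requires AccountType 1, 3 or 5")
    if not p.get("UserId") and not p.get("AccountName"):
        warnings.append("no user attached: report owner's permissions apply")
    if len(p.get("WatermarkParam", "")) > 50:
        errors.append("WatermarkParam exceeds 50 characters")
    if "GlobalParam" in p:
        try:
            json.loads(p["GlobalParam"])
        except (TypeError, ValueError):
            errors.append("GlobalParam is not a JSON string")
    return errors, warnings


if __name__ == "__main__":
    # Constructed sample values, not real IDs.
    params = {"WorksId": "sample-works-id", "TicketNum": 1,
              "UserId": "sample-user-id", "ExpireTime": 10,
              "GlobalParam": build_global_param(
                  {"area": [("in", ["North China", "South China"])]})}
    print(check_ticket_params(params))
```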

How to quickly obtain global parameter examples

If you are unsure how to generate global parameters, you can obtain examples from the debugging page for embedded analytics on the Open Platform. To obtain the examples, perform the following steps:

  1. Go to the embedded analytics page on the Open Platform, select a dashboard for which global parameters are configured, and then click Debug.

  2. Click Quick Generate. On the ticket generation page that appears on the right, configure the global parameters.

  3. Using Google Chrome as an example, press F12 to open the developer tools and view the network traffic.

  4. On the page, click Generate Ticket and view the API request in the developer tools.

The request shows an example of the global parameters for the current report.

Appendix 3: Number of embeddable reports

| Number of purchased users | Number of third-party embeddings |
| --- | --- |
| 50 | 100 |
| 100 | 200 |
| 200 | 500 |
| 300 | 1,000 |

Note

The values in the preceding table are the default limits for embedding reports in Quick BI Professional Edition.