Embedding Security


Are there any plans to have any type of security around embedding? I’d love to use redash in our SAAS, but I really need to have some way of controlling access to the embedded graphs.

Alternatively is it possible if I self-host?


What do you mean? Currently you need an API key to open an embed. Or are you referring to the situation with parameters in embeds?


To be honest I’m also concerned/curious/slightly perplexed about the security aspect of embedding queries in our website. Security isn’t exactly my forte so I’d love to see a tutorial or simply an explanation of some kind that explicitly shows how (you could) go about securely embedding queries in a website that already has login/authentication of its own, so that not just anybody with the right URL could access the query.

Honestly, I’m sure it’s obvious/easy I’m just missing something. A bit thickheaded over here :slight_smile: