GenerateEmbedUrlForAnonymousUser - Amazon QuickSight

GenerateEmbedUrlForAnonymousUser

Generates an embed URL that you can use to embed an Amazon QuickSight dashboard or visual in your website, without having to register any reader users. Before you use this action, make sure that you have configured the dashboards and permissions.

The following rules apply to the generated URL:

  • It contains a temporary bearer token. It is valid for 5 minutes after it is generated. Once redeemed within this period, it cannot be re-used again.

  • The URL validity period should not be confused with the actual session lifetime that can be customized using the SessionLifetimeInMinutes parameter. The resulting user session is valid for 15 minutes (minimum) to 10 hours (maximum). The default session duration is 10 hours.

  • You are charged only when the URL is used or there is interaction with Amazon QuickSight.

For more information, see Embedded Analytics in the Amazon QuickSight User Guide.

For more information about the high-level steps for embedding and for an interactive demo of the ways you can customize embedding, visit the Amazon QuickSight Developer Portal.

Request Syntax

POST /accounts/AwsAccountId/embed-url/anonymous-user HTTP/1.1 Content-type: application/json { "AllowedDomains": [ "string" ], "AuthorizedResourceArns": [ "string" ], "ExperienceConfiguration": { "Dashboard": { "InitialDashboardId": "string" }, "DashboardVisual": { "InitialDashboardVisualId": { "DashboardId": "string", "SheetId": "string", "VisualId": "string" } }, "QSearchBar": { "InitialTopicId": "string" } }, "Namespace": "string", "SessionLifetimeInMinutes": number, "SessionTags": [ { "Key": "string", "Value": "string" } ] }

URI Request Parameters

The request uses the following URI parameters.

AwsAccountId

The ID for the AWS account that contains the dashboard that you're embedding.

Length Constraints: Fixed length of 12.

Pattern: ^[0-9]{12}$

Required: Yes

Request Body

The request accepts the following data in JSON format.

AuthorizedResourceArns

The Amazon Resource Names (ARNs) for the Amazon QuickSight resources that the user is authorized to access during the lifetime of the session.

If you choose Dashboard embedding experience, pass the list of dashboard ARNs in the account that you want the user to be able to view.

Currently, you can pass up to 25 dashboard ARNs in each API call.

Type: Array of strings

Required: Yes

ExperienceConfiguration

The configuration of the experience that you are embedding.

Type: AnonymousUserEmbeddingExperienceConfiguration object

Required: Yes

Namespace

The Amazon QuickSight namespace that the anonymous user virtually belongs to. If you are not using an Amazon QuickSight custom namespace, set this to default.

Type: String

Length Constraints: Maximum length of 64.

Pattern: ^[a-zA-Z0-9._-]*$

Required: Yes

AllowedDomains

The domains that you want to add to the allow list for access to the generated URL that is then embedded. This optional parameter overrides the static domains that are configured in the Manage QuickSight menu in the Amazon QuickSight console. Instead, it allows only the domains that you include in this parameter. You can list up to three domains or subdomains in each API call.

To include all subdomains under a specific domain to the allow list, use *. For example, https://*.sapp.amazon.com includes all subdomains under https://sapp.amazon.com.

Type: Array of strings

Required: No

SessionLifetimeInMinutes

How many minutes the session is valid. The session lifetime must be in [15-600] minutes range.

Type: Long

Valid Range: Minimum value of 15. Maximum value of 600.

Required: No

SessionTags

The session tags used for row-level security. Before you use this parameter, make sure that you have configured the relevant datasets using the DataSet$RowLevelPermissionTagConfiguration parameter so that session tags can be used to provide row-level security.

These are not the tags used for the AWS resource tagging feature. For more information, see Using Row-Level Security (RLS) with Tagsin the Amazon QuickSight User Guide.

Type: Array of SessionTag objects

Array Members: Minimum number of 1 item. Maximum number of 50 items.

Required: No

Response Syntax

HTTP/1.1 Status Content-type: application/json { "AnonymousUserArn": "string", "EmbedUrl": "string", "RequestId": "string" }

Response Elements

If the action is successful, the service sends back the following HTTP response.

Status

The HTTP status of the request.

The following data is returned in JSON format by the service.

AnonymousUserArn

The Amazon Resource Name (ARN) to use for the anonymous Amazon QuickSight user.

Type: String

EmbedUrl

The embed URL for the dashboard.

Type: String

RequestId

The AWS request ID for this operation.

Type: String

Errors

For information about the errors that are common to all actions, see Common Errors.

AccessDeniedException

You don't have access to this item. The provided credentials couldn't be validated. You might not be authorized to carry out the request. Make sure that your account is authorized to use the Amazon QuickSight service, that your policies have the correct permissions, and that you are using the correct credentials.

HTTP Status Code: 401

InternalFailureException

An internal failure occurred.

HTTP Status Code: 500

InvalidParameterValueException

One or more parameters has a value that isn't valid.

HTTP Status Code: 400

ResourceNotFoundException

One or more resources can't be found.

HTTP Status Code: 404

SessionLifetimeInMinutesInvalidException

The number of minutes specified for the lifetime of a session isn't valid. The session lifetime must be 15-600 minutes.

HTTP Status Code: 400

ThrottlingException

Access is throttled.

HTTP Status Code: 429

UnsupportedPricingPlanException

This error indicates that you are calling an embedding operation in Amazon QuickSight without the required pricing plan on your AWS account. Before you can use embedding for anonymous users, a QuickSight administrator needs to add capacity pricing to Amazon QuickSight. You can do this on the Manage Amazon QuickSight page.

After capacity pricing is added, you can use the GetDashboardEmbedUrl API operation with the --identity-type ANONYMOUS option.

HTTP Status Code: 403

UnsupportedUserEditionException

This error indicates that you are calling an operation on an Amazon QuickSight subscription where the edition doesn't include support for that operation. Amazon Amazon QuickSight currently has Standard Edition and Enterprise Edition. Not every operation and capability is available in every edition.

HTTP Status Code: 403

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: