Generates a server-side embeddable URL and authorization code. Before this can work properly, first you need to configure the dashboards and user permissions. For more information, see Embedding Amazon QuickSight Dashboards.

Currently, you can use GetDashboardEmbedURL only from the server, not from the user’s browser.

CLI Sample:

Assume the role with permissions enabled for actions: quickSight:RegisterUser and quicksight:GetDashboardEmbedURL. You can use assume-role, assume-role-with-web-identity, or assume-role-with-saml.

aws sts assume-role --role-arn "arn:aws:iam::111122223333:role/embedding_quicksight_dashboard_role" --role-session-name embeddingsession

If the user does not exist in QuickSight, register the user:

aws quicksight register-user --aws-account-id 111122223333 --namespace default --identity-type IAM --iam-arn "arn:aws:iam::111122223333:role/embedding_quicksight_dashboard_role" --user-role READER --session-name "embeddingsession" --email --region us-east-1

Get the URL for the embedded dashboard (IAM identity authentication):

aws quicksight get-dashboard-embed-url --aws-account-id 111122223333 --dashboard-id 1a1ac2b2-3fc3-4b44-5e5d-c6db6778df89 --identity-type IAM

Get the URL for the embedded dashboard (QUICKSIGHT identity authentication):

aws quicksight get-dashboard-embed-url --aws-account-id 111122223333 --dashboard-id 1a1ac2b2-3fc3-4b44-5e5d-c6db6778df89 --identity-type QUICKSIGHT --user-arn arn:aws:quicksight:us-east-1:111122223333:user/default/embedding_quicksight_dashboard_role/embeddingsession

Request Syntax

GET /accounts/AwsAccountId/dashboards/DashboardId/embed-url?creds-type=IdentityType&reset-disabled=ResetDisabled&session-lifetime=SessionLifetimeInMinutes&undo-redo-disabled=UndoRedoDisabled&user-arn=UserArn HTTP/1.1

URI Request Parameters

The request requires the following URI parameters.


AWS account ID that contains the dashboard you are embedding.

Length Constraints: Fixed length of 12.

Pattern: ^[0-9]{12}$


The ID for the dashboard, also added to IAM policy


The authentication method the user uses to sign in (IAM only).

Valid Values: IAM | QUICKSIGHT


Remove the reset button on embedded dashboard. The default is FALSE, which allows the reset button.


How many minutes the session is valid. The session lifetime must be between 15 and 600 minutes.

Valid Range: Minimum value of 15. Maximum value of 600.


Remove the undo/redo button on embedded dashboard. The default is FALSE, which enables the undo/redo button.


The Amazon QuickSight user's ARN, for use with QUICKSIGHT identity type. You can use this for any Amazon QuickSight users in your account (readers, authors, or admins) authenticated as one of the following:

  • Active Directory (AD) users or group members

  • Invited non-federated users

  • IAM users and IAM role-based sessions authenticated through Federated Single Sign-On using SAML, OpenID Connect, or IAM Federation

Request Body

The request does not have a request body.

Response Syntax

HTTP/1.1 Status Content-type: application/json { "EmbedUrl": "string", "RequestId": "string" }

Response Elements

If the action is successful, the service sends back the following HTTP response.


The http status of the request.

The following data is returned in JSON format by the service.


URL that you can put into your server-side webpage to embed your dashboard. This URL is valid for 5 minutes, and the resulting session is valid for 10 hours. The API provides the URL with an auth_code that enables a single-signon session.

Type: String


The AWS request ID for this operation.

Type: String


For information about the errors that are common to all actions, see Common Client Errors.


You don't have access to this. The provided credentials couldn't be validated. You might not be authorized to carry out the request. Ensure that your account is authorized to use the Amazon QuickSight service, that your policies have the correct permissions, and that you are using the correct access keys.

HTTP Status Code: 401


The domain specified is not on the allowlist. All domains for embedded dashboards must be added to the approved list by an Amazon QuickSight admin.

HTTP Status Code: 403


The identity type specified is not supported. Supported identity types include IAM and QUICKSIGHT.

HTTP Status Code: 403


An internal failure occurred.

HTTP Status Code: 500


One or more parameters don't have a valid value.

HTTP Status Code: 400


One or more preconditions aren't met.

HTTP Status Code: 400


The user is not found. This error can happen in any operation that requires finding a user based on a provided user name, such as DeleteUser, DescribeUser, and so on.

HTTP Status Code: 404


The resource specified doesn't exist.

HTTP Status Code: 409


One or more resources can't be found.

HTTP Status Code: 404


This resource is currently unavailable.

HTTP Status Code: 503


The number of minutes specified for the lifetime of a session is not valid. The session lifetime must be from 15 to 600 minutes.

HTTP Status Code: 400


Access is throttled.

HTTP Status Code: 429


This error indicates that you are calling an operation on an Amazon QuickSight subscription where the edition doesn't include support for that operation. Amazon QuickSight currently has Standard Edition and Enterprise Edition. Not every operation and capability is available in every edition.

HTTP Status Code: 403

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: