Help with connecting to Sisense instance

steve Thank you for pointing out my suggestion 2. I didn't catch the JDBC connection part of it.

Hi herajapakse.

You're absolutely right to be concerned about the security implications of exposing an API token directly in the frontend. It's indeed a best practice to minimize exposure of sensitive credentials to prevent misuse and unauthorized access. We have documentation on the ComposeSDK site here: https://sisense.dev/guides/accessSecurity/

Here are a few strategies that you could use to securely establish a connection to your Sisense instance without exposing sensitive information in the frontend:

1. Backend Proxy:
Perhaps the most effective approach is to use a backend server as a proxy. In this configuration, the backend server holds the API token and interacts with Sisense on behalf of the frontend. The frontend communicates with your backend server using endpoint routes that you define, and then the backend server handles Sisense API requests.
Steps:
- Create API routes in your backend application (e.g., Node.js, Python Flask, etc.).
- Store the Sisense API token securely in the backend, using environment variables or encrypted secrets management tools.
- Use these routes to fetch data from Sisense by making HTTP requests to your backend instead of directly to Sisense.
- Optional: Implement caching in the backend to optimize performance.

2. OAuth2 with Sisense: https://docs.sisense.com/main/SisenseLinux/configuring-the-jdbc-connector-to-use-oauth.htm
Sisense supports OAuth2, so you can implement an OAuth2 flow. Your users would authenticate themselves, and the system grants a time-limited access token which is safer to handle in the front end.
    Steps:
    - Configure the OAuth2 setup in Sisense.
    - Implement OAuth flow in your frontend to retrieve the token.
    - Use the token to make API calls from the frontend, without needing to expose a permanent API token.

3. Environment-Specific Tokens:
For environments where a backend isn't feasible, consider using environment-specific, limited privilege API tokens, and ensure they are stored securely (e.g., using environment variables or web security measures like HTTPS).
Implementation:
- Generate separate tokens for development, testing, and production.
- Leverage the Sisense security model to restrict what each token can access or do.
- Ensure communications are made over HTTPS to secure the requests.

Example (Backend Proxy with Node.js):
Here’s a basic example of what the Node.js backend function might look like for forwarding requests to Sisense:
Javascript:

const axios = require('axios');
require('dotenv').config();
app.get('/api/sisense/data', async (req, res) => {
try {
const response = await axios.get('https://your-sisense-instance/api/v1/data', {
headers: {
'Authorization': Bearer ${process.env.SISENSE_API_TOKEN}
}
});
res.send(response.data);
} catch(error) {
res.status(500).send('Error retrieving data');
}
});

In this setup, you make sure only your backend app directly handles the Sisense API token, considerably reducing the risk of unauthorized exposure.
Please verify which of these approaches best fits your situation and infrastructure, and don't hesitate to ask if you need further detail on any of these suggestions!

Have a great day!

Hello herajapakse.

I wanted to follow up to see if the solutions offered worked for you.

If so, please click the 'Accept as Solution' button so other users with the same questions can find the answer faster. If not, please let us know so that we can continue to help.

Thank you.

Hello herajapakse,

I wanted to follow up to see if any of the solutions offered worked for you.

If so, please click the 'Accept as Solution' button on the appropriate post so other users with the same questions can find the answer faster. If not, please let us know so that we can continue to help.

Thank you.

DRay the solution from steve worked for me as we already had SSO for embedded dashboards.