Self-sign

If you are generating the JSON Web Tokens (JWTs) yourself, we have provided information on the claims and their structures which are required for each token.

Some of the concepts used here will be explained in the Vizzly Config.

Certificate and algorithm.

You will use the vizzly-private.pem file generated during the setup steps to sign the JWTs using the ES256 algorithm.

Our python SDK to help the signing of these tokens is open-sourced (opens in a new tab), so you can use this to help your implementation.

Dashboard access token

Self-hosted Query Engine In-browser Custom

Dashboard token claims example

{
  "accessType": "standard",
  "projectId": "prj_abc",
  "userReference": "user 123456",
  "scope": "read_write",
  "parentDashboardIds": [
    "dsh_123"
  ],
  "expires": "2024-03-06T20:49:28.748Z"
}

Data access token

Self-hosted Query Engine

Data token claims example

{
  "projectId": "prj_abc",
  "dataSetIds": "*",
  "secureFilters": {
      "data set id 1": [
        {
          "field": "user_id",
          "op": "=",
          "value": 88230,
        }
      ]
  },
  "parameters": {},
  "expires": "2024-03-06T20:49:28.746Z"
}

Query engine access token (optional)

OptionalSelf-hosted Query EngineAdvanced

It should only be generated with truthy values if the current user is in the engineering department and is permitted access to the Config Manager.

Query engine access token claims example

{
  "projectId": "prj_abc",
  "allowDatabaseSchemaAccess": true,
  "allowDataPreviewAccess": true,
  "expires": "2024-03-06T20:49:28.749Z"
}