Identity and Multi-Tenancy
Self sign

Self-sign

If you would prefer to generate the JSON Web Tokens (JWTs) in your codebase, we have provided the definitions for each access token here in typescript notation.

Some of the concepts used here will be explained in the Vizzly Config

Create the dashboard access token

type DashboardAccessToken = {
  // https://docs.vizzly.co/concepts/identity-config/access-type
  accessType: 'standard' | 'admin';
 
  organisationId: string;
 
  // https://docs.vizzly.co/concepts/identity-config/user-reference  
  userReference: string;
 
  // ISO 8601 format, including timezone offset
  expires: string;
 
  // https://docs.vizzly.co/concepts/identity-config/scope
  scope?: 'read' | 'read_write';
 
  // https://docs.vizzly.co/concepts/identity-config/parent-dashboard-ids
  parentDashboardIds?: Array<string>
}

Create the data access token

type Filter = {
  // ID of the field the secure filter uses.
  field: string;
  // An operator supported by your Query Engine.
  op: string;
 
  value: any;
};
 
type DataAccessToken = {
  // https://docs.vizzly.co/concepts/identity-config/data-sets
  dataSetIds: string[] | '*';
 
  // https://docs.vizzly.co/concepts/identity-config/secure-filters
  secureFilters: {
    [dataSetId: string]: Filter[] | Filter[][];
  };
 
  // ISO 8601 format, including timezone offset
  expires: string;
}

Create the query engine access token (optional)

optionalself-hosted

It should only be generated with truthy values if the current user is in the engineering department and is permitted access to the Config Manager.

type QueryEngineAccessToken = {
  // https://docs.vizzly.co/concepts/identity-config/database-schema-access
  allowDatabaseSchemaAccess: boolean;
 
  // Is the user allowed to preview the data in the tables?
  allowDataPreviewAccess: boolean;
 
  // ISO 8601 format, including timezone offset
  expires: string;
}

Create the project access token (optional)

optionalself-hosted

This token is used to grant access to specific project resources. For example, this is used with the Vizzly Query Engine to persist encrypted Vizzly configs to the Vizzly API.

type DashboardAccessToken = {
  // https://docs.vizzly.co/concepts/identity-config/project-id
  projectId: string;
  // https://docs.vizzly.co/concepts/identity-config/project-resources
  resources: Array<{
    id: string;
    scope: 'read' | 'read_write';
  }>;
}

Create signed config

optionalself-hosted

This token is a signed, valid Vizzly Config. You can send this to your Query Engine in the config header. This provides the ability to dynamically change the config depending on the customer by proxying Query Engine requests via your own servers to add this special header.

Python clientLoad your private key from an environment variable