Embed signatures authenticate Tractorscope dashboard and chart embeds.
Important rule
Generate embed signatures on your server. Never expose a Tractorscope API key in browser JavaScript, mobile app code, or any client-side bundle.
Payload structure
A signed embed payload contains:
- data: URL-encoded JSON describing the dashboard or chart to embed
- signature: HMAC SHA-256 hex digest of thedatavalue
The final object is JSON encoded and base64 encoded before being passed to the embed URL or web component.
Data object fields
Common data fields include:
- dashboard: dashboard ID for dashboard embeds
- chart: chart ID for chart embeds
- filters: object of filter names and values
Filters
Filter values let your application scope embedded analytics to a tenant, account, customer, date range, aggregation period, or other context.
Common mistakes
- Signing a different string than the encoded datavalue
- Exposing the API key in frontend code
- Passing filter names that do not match dashboard filters
- Using an inactive or revoked API key
- Loading embeds from a domain that has not been allowed