How to Generate an Embed Token Using an Embed Secret Key in Bold Reports
Bold Reports provides REST APIs that allow programmatic access and management of various reporting resources. These APIs enable developers to automate tasks and integrate report functionalities within applications.
For embedded reporting scenarios, Bold Reports supports generating embed tokens using an Embed Secret Key. This authentication method helps secure embedded applications by eliminating the need to expose Report Server user passwords.
This article explains how to generate an embed token using an Embed Secret Key and use the generated token in the embedded report viewer.
Prerequisites
Before generating an embed token, ensure that:
- You have access to a Bold Reports Server environment.
- An Embed Secret Key has been generated for the Report Server user.
- You have access to an API client such as Postman.
Steps to Generate an Embed Token
-
Create a New POST Request
Open the Postman application and create a new
POSTrequest. -
Configure the Token Endpoint
Follow the instructions in the Embed Authentication REST API documentation.
Use the following endpoint URL:
{BoldReportsUrl}/reporting/api/site/{{tenant-name}}/token
Note: Replace {BoldReportsUrl} with the base URL of your Bold Reports server and <tenant-name> with your actual tenant name.
-
Configure the Request Body
Specify the
grant_typeasembed_token, provide theReportServerUser, and include the correspondingEmbed_Secret.You can also pass report parameters and custom attributes that will be applied when the report is rendered.
{
"grant_type": "embed_token",
"ReportServerUser": "[email protected]",
"Embed_Secret": "Yhfw5o9c0VdPk8HWhQQnGKAl0K9HP",
"ReportParameters": [
{
"Key": "ParameterKey1",
"Values": [
"Value3",
"Value4"
]
},
{
"Key": "ParameterKey2",
"Values": [
"Value4"
]
}
],
"CustomAttributes": [
{
"Key": "AttributeKey3",
"Value": "AttributeValue4"
},
{
"Key": "AttributeKey5",
"Value": "AttributeValue6"
}
]
}
- You will receive a response containing the embed token under the
access_tokentag:
Request Parameter Description
| Parameter | Description |
|---|---|
| grant_type | Specifies the token type. Use embed_token. |
| ReportServerUser | The Report Server user for whom the embed token is generated. |
| Embed_Secret | The Embed Secret Key associated with the specified user. |
| ReportParameters | Optional collection of report parameters passed to the report. |
| CustomAttributes | Optional collection of custom attributes used for filtering, security, or custom business logic. |
Note: When using the Embed_Secret field, the Password field is not required. The embed token is generated for the specified Report Server user using the provided embed secret key.
- Generate the Token
Send the request and verify that the response contains an access_token field.
Example response:
{
"access_token": "generated_embed_token",
"token_type": "bearer",
"expires_in": 86400
}
Copy the generated access_token value for use in your embedded application.
Using the Generated Token in Bold Reports Viewer
Once the embed token has been generated, assign it to the embedToken property while initializing the Bold Reports Viewer.
$("#report-viewer").boldReportViewer({
reportServiceUrl: "http://reportserver.syncfusion.com/ReportService/api/Viewer",
reportPath: report_path,
embedToken: generated_access_token
});
The report viewer authenticates using the provided token and automatically applies the configured report parameters and custom attributes.