Integration guidelines

Table of Contents

Define application workflows
Determine the hosting domain
Define user roles and privileges
Define an authentication method
Define security settings
Try out the embed modules

ThoughtSpot recommends that you browse through the following guidelines before embedding ThoughtSpot in your application.

Define application workflows🔗

The ThoughtSpot Visual Embed SDK includes a Javascript library to programmatically embed search, Liveboards, visualizations, and or the full ThoughtSpot experience.

In addition to the Visual Embed SDK, ThoughtSpot provides REST APIs to query data from the ThoughtSpot application. For example, you can construct a search Answer using the data APIs and use this link to embed search answers with your application.

Irrespective of the method you use for embedding, make sure you define your application workflows and authentication criteria to enable seamless navigation between the host and embedded interfaces.

Determine the hosting domain🔗

When you embed ThoughtSpot into your app, the application URL will be set as <your-company-name>.thoughtspot.cloud by default. Most web browsers, including Safari and Firefox, block third-party cookies by default. To ensure that embedding works on browsers that don’t allow third-party cookies and cross-domain requests, you can customize the domain name of the embedded ThoughtSpot instance. For more information, see Custom domain configuration.

Note	If your deployment requires both ThoughtSpot standalone application and the embedded ThoughtSpot instance, we recommend that you host these instances on separate domains or non-overlapping sub-domains.

Define user roles and privileges🔗

The ThoughtSpot application integration involves several workflows that require users to have specific privileges:

ThoughtSpot admin: ThoughtSpot administrators who define the authentication workflow and create user groups.
Access control in ThoughtSpot is managed through the users and groups that are stored locally on ThoughtSpot, even if the users are authenticated using SSO or Trusted Authentication. This means that to provide access to content or system privileges, admin users must create users and groups in ThoughtSpot.

For more information, see Managing users and Managing Groups.
Developer: Application developers with privileges to use the Developer portal and embed ThoughtSpot components in their host application.
Developer users can also customize the look and feel of the UI, add custom actions to an embedded visualization or Liveboard, and modify security settings such as CORS and CSP. For more information, see Developer access.

Define an authentication method🔗

For initial development and testing purposes, you can use the basic authentication method with session REST APIs to manage ThoughtSpot user logins and sessions. However, ThoughtSpot recommends that you use the EmbeddedSSO or trusted authentication service to authenticate users in production environments.

For more information, see Authentication.

Define security settings🔗

Before embedding, you must enable several security settings in the Developer portal for cross-domain communication.

Cross-Origin Resource Sharing

Cross-Origin Resource Sharing (CORS) domains are the origins from which ThoughtSpot APIs can be called. When you add your host domain for CORS in the Developer portal, ThoughtSpot adds the access-control-allow-origin header in its API responses.

Content Security Policy

To use the Visual Embed SDK, configure the following content security policy (CSP).

CSP visual embed hosts

To allow your host domain to set the frame-ancestors CSP policy header and embed a ThoughtSpot object within your application frame, you must add your host domain as a CSP visual embed host.
CSP connect-src

If you plan to configure custom actions to invoke external URLs, you must add these URLs to the CSP connect-src domain list in the Developer portal.

For more information, see Configure security settings.

Try out the embed modules🔗

The ThoughtSpot Developer portal provides a playground for developers to explore the Visual Embed SDK components. The Playground offers an interactive coding experience for developers to evaluate the APIs and embed ThoughtSpot search, visualizations, Liveboards, or the full ThoughtSpot experience within their host application.

Go to Playground