Superset Dashboard Embedding
Apache Superset supports Embedded SDK for third-party app embedding with Guest Token authentication. Unlike Metabase, requires more complex CORS and Row-Level Security setup.
Superset Configuration
In superset_config.py:
FEATURE_FLAGS = {
"EMBEDDED_SUPERSET": True,
"ENABLE_TEMPLATE_PROCESSING": True
}
CORS_OPTIONS = {
'supports_credentials': True,
'origins': ['https://your-app.com']
}
SESSION_COOKIE_SAMESITE = None
SESSION_COOKIE_SECURE = True
SESSION_COOKIE_HTTPONLY = True
Guest Token
async function getSupersetGuestToken(
dashboardId: string,
userId: string,
userEmail: string
): Promise<string> {
// Get admin access token
const loginResponse = await fetch(`${SUPERSET_URL}/api/v1/security/login`, {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({
username: process.env.SUPERSET_ADMIN_USER,
password: process.env.SUPERSET_ADMIN_PASSWORD,
provider: 'db',
}),
});
const { access_token } = await loginResponse.json();
// Create guest token
const response = await fetch(`${SUPERSET_URL}/api/v1/security/guest_token/`, {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'Authorization': `Bearer ${access_token}`,
},
body: JSON.stringify({
user: {
username: `user_${userId}`,
first_name: userEmail,
last_name: 'Embedded',
},
resources: [
{ type: 'dashboard', id: dashboardId },
],
rls_rules: [
{
clause: `user_id = ${userId}`,
tables: [
{ schema: 'public', name: 'orders' },
],
},
],
temporary_password: Math.random().toString(36).slice(2),
}),
});
const { token } = await response.json();
return token;
}
SDK Integration
import { EmbeddedDashboard } from '@superset-ui/embedded-sdk';
function SupersetEmbed({ dashboardId, token }: { dashboardId: string; token: string }) {
return (
<EmbeddedDashboard
src={`${SUPERSET_URL}/embedded/${dashboardId}/${token}`}
/>
);
}
Timeline
Basic embedding—2–3 days. With Row-Level Security and parameter filtering—5–7 days.