Tokens
Manage access tokens for report sharing.
Overview
Tokens provide authenticated access to reports without requiring user login. They can be used for:
- Embedding reports in external applications
- Sharing reports with unauthenticated users
- API access with limited scope
Tokens can be local (server-side) or cloud-based (when cloud publishing is enabled).
GET /api/reports/{id}/tokens
Get all tokens associated with a report.
Authentication: Required
Path Parameters:
| Parameter | Type | Description |
|---|---|---|
id | string | Report ID |
Response:
{
"tokens": [
{
"id": "token-uuid-1",
"type": "report",
"reportId": "team:sales-dashboard",
"token": "abc123def456",
"cloud": false,
"createdAt": "2024-02-08T10:00:00Z",
"_links": {
"self": { "href": "/api/tokens/token-uuid-1" }
}
},
{
"id": "token-uuid-2",
"type": "report",
"reportId": "team:sales-dashboard",
"token": "xyz789ghi012",
"cloud": true,
"url": "https://cloud.informer.com/view/xyz789ghi012",
"createdAt": "2024-02-09T10:00:00Z",
"_links": {
"self": { "href": "/api/tokens/token-uuid-2" }
}
}
],
"warning": null
}
Response Fields:
| Field | Type | Description |
|---|---|---|
tokens | array | Array of token objects |
warning | object | Error object if cloud token lookup failed (null on success) |
Token Object Fields:
| Field | Type | Description |
|---|---|---|
id | string | Token UUID |
type | string | Token type (usually "report") |
reportId | string | Associated report ID |
token | string | The actual token string |
cloud | boolean | true for cloud tokens, false for local |
url | string | Public URL (cloud tokens only) |
createdAt | string | Creation timestamp |
Behavior:
- Fetch local tokens - Retrieves tokens from the local database
- Fetch cloud tokens - If cloud is enabled, requests tokens from cloud platform
- Combine results - Returns both local and cloud tokens
- Handle errors - If cloud lookup fails, returns local tokens with warning
Use Case:
View all access tokens for a report to manage sharing and revoke access if needed.
Token Management
To create or manage tokens, use the Token API endpoints:
- POST /api/tokens - Create a new token
- GET /api/tokens/{id} - Get token details
- DELETE /api/tokens/{id} - Revoke a token
See the Token API documentation for full token management capabilities.
Cloud Publishing Tokens
When a report is published to the cloud (see Cloud Publishing), a cloud token is automatically created. Cloud tokens have additional properties:
{
"cloud": true,
"url": "https://cloud.informer.com/view/{token}",
"type": "report"
}
The url field provides a public link that can be shared with external users.
Token Security
Best Practices:
- Tokens provide full access to the associated report
- Treat tokens as sensitive credentials
- Revoke tokens when they are no longer needed
- Use cloud tokens for public sharing
- Use local tokens for controlled API access
- Regularly audit token usage
Token Lifecycle:
- Creation - Token is generated with random string
- Active Use - Token provides access to report
- Revocation - Token is deleted and becomes invalid
- Cleanup - Unused tokens should be removed periodically
Using Tokens
API Access
# Access report with token
curl -H "Authorization: Bearer {token}" \
https://api.informer.com/api/reports/team:sales-dashboard
URL Parameters
https://app.informer.com/v/report.html?token={token}
Embed Code
<iframe src="https://cloud.informer.com/view/{token}"
width="100%" height="600px">
</iframe>
Related Endpoints
- Cloud Publishing - Publish reports with public tokens
- POST /api/reports/{id}/_cloud-publish - Creates cloud token automatically
- Token API - Full token CRUD operations