Embedding: 'Ready-for-production' Checklist

Now that you've successfully embedded a production-ready Luzmo dashboard, it's time to ensure that your embedding setup adheres to our best practices! First we'll give some tips on the setup of the Collections, afterwards we list the important backend and frontend topics related to embedded dashboards!
If you haven't gone through our 'Ready-for-production' Data Checklist yet for your dataset(s), or our 'Ready-for-production' Dashboard Checklist for your dashboard(s), we highly recommend to do so first to ensure they can seamlessly embedded into your application!

Collections setup checklist

Reset Collections Checkboxes

Have you created a Collection for each different collection of dashboards you would like to embed?

You can use Collections to easily create and maintain collections for different customers, departments, use-cases, etc. When using Collections to provide your requested embed tokens access to dashboards, make sure that all dashboards and underlying datasets are added to the Collection(s)!

Did you give your Collection a meaningful name?

You can do this when creating a new Collection (as shown in this Academy article) or by adapting an existing Collection.

(Optional) Did you apply the necessary (multi-tenant) parameter/static filter(s)?

There are two ways to specify your parameter/static filters
- Specify them on the dataset in the Collections (e.g. from within the Collections modal): the filters will be applied to queries from dashboards viewed within the context of the Collections. This is neatly explained in this Academy article. All multi-tenant filters should be configured this way, as that ensures that all queries on that dataset are securely scoped towards the embed token and (default) embed filters configured!
- Specify them on the dashboard from within the dashboard editor: the filters will be applied solely on the specific dashboard itself. This Academy article shows you how to achieve that!
  For security purposes, you should not specify multitenant parameterized filters on the dashboard, as e.g. designer embed tokens could modify or create new dashboards that would allow them to query the dataset without the filters.

(In case of using parameter filters) Have you specified a default parameter value to point to no / demo data?

We recommend to specify a default parameter value pointing to no or demo data, that prevents exposing client-specific data if the parameter would not be overridden in the authorization request.

(Optional) Did you make sure to publish a dashboard version for each of your dashboards associated with the Collection?

This enables you to make changes to these dashboards without these changes being represented in the embedded dashboards. Once you mark your new version as published it will automatically be used in the embedded dashboard. More information on dashboard versioning can be found in This Academy article.

Backend authorization checklist

Reset Backend Checkboxes

Are you using one of our backend SDKs and if so, is it the latest version?

All SDKs are listed here in the Developer documentation.

Do you only expose your API key and token in your backend and have you stored them securely in e.g. environment variables?

Your API key and token can be seen as your username and password to Luzmo's API and your account. You should never expose these on the client side!

Do you specify all required properties in the authorization request?

The required properties are listed here in the Developer documentation.

The username property is used to uniquely identify a Monthly Active Viewer (MAV) or Monthly Active Designer (MAD) for your Organization. It is thus important that the specified username is unique and immutable for a specific end-user (e.g. the primary key for that user).

Do you only include the authorization key and token in the response to your frontend?

The response of the authorization request contains the specified metadata and expiry settings which you might not want to expose to your end user.

(Optional multi-tenancy setup) Are you overriding all parameters specified in the dashboard(s) and/or Collection?

Overriding parameters is explained in Step 2 of this Academy article.

(Optional multi-tenancy setup) Are you specifying the necessary static filters in the authorization request?

The second part of this Academy article shows you how you can define a static filter.
We recommend using parameter filters instead of static filters as these are easier to use!

(Optional multi-tenancy setup) Are you applying the proper connection overrides (account_overrides) to point towards the user-specific data source?

This Academy article explains how this works and how to specify a connection override (account_override) in the authorization request.

Frontend embedding checklist

Reset Frontend Checkboxes

Do not expose your API key and token in your frontend code!

Are you using one of our frontend components and if so, is it the latest version?

All frontend components are listed here in the Developer documentation.

Is your dashboard (& underlying datasets) only accessible with an authorization key and token?

If not, the end user is able to view the dashboard without authentication and this might be a security issue if undesired.
The Luzmo UI will show a "globe" symbol next to datasets and dashboards that are publicly accessible without an authorization token. You can also verify this by not specifying an authorization key and token when embedding the dashboard in your frontend and opening your application in an incognito browser (to avoid your logged-in Luzmo user to grant access to the dashboard).
- If your dashboard is not publicly shared, you’ll see an error message being displayed instead of the dashboard itself.
- If your dashboard is publicly shared but the underlying dataset(s) are not, you will see “No Access” errors being displayed on each item querying the dataset(s).
- If your dashboard loads fine in e.g. an incognito window, Both your dashboard as well as your datasets have been shared publicly (which might be undesirable)!
You can make the dashboard/dataset resources private by removing “Public” or “Via shareable link” in the share modal in our application, this Academy article shows you where to find that modal!

Have you provided enough space for the embedded dashboard?

The dashboard components resize (and switch between screen modes) automatically based on the available width.

(Optional) Are you using getAccessibleDashboards to dynamically retrieve a list of accessible dashboards?

More information on this method and some use-cases can be found in this Academy article.

(Optional) Is all desired bi-directional communication implemented (e.g. Custom events, getFilters, refreshData, etc.)?

Most of the options are listed at the end of this Academy article. Next to that, you can find more information on the possibilities in the “Embed” Developer docs chapter or in the README file of the specific frontend component you’re using.

Reset All Checkboxes

That's it, you've successfully managed to set your embedded dashboards up in your application! Time to enjoy the result 🎉

Need more information?

Do you still have questions? Let us know how we can help.

Send us feedback!