How does QS share authentication with third party API's

Hello,
we would like users to be able to click a link inside the dashboard and that link is set to write data to an external database via api gateway(hosted in separate aws account). We would like to secure that api to allow requests from only authenticated users in quicksight and like to explore our options to do that. we are following the process outlined here:Perform secure database write-backs with Amazon QuickSight | AWS Business Intelligence Blog , except in our case quicksight and api gateway are present in separate accounts. Would you please advice on how does QS share authentication with third party API’s ? we are amazon internal users and currently using amazonbi account.

Thanks,
Cindy

1 Like

Checking if any updates?

Thanks,
Cindy

1 Like

Hey @Cindy, the link functionality with QuickSight just means you can click on an external url. It doesn’t necessary mean if the link is to a url in a different QuickSight account, it just means it is important to generate a url that contains whatever you need to authenticate to your API. QuickSight isn’t actually sharing any of the authentication information and can’t be used as an IDP. In that example provided, they are using Lambda with Redshift to generate a hash value that when provided to the API, authenticates the request. How is your API authenticated?

Hi @Cindy. Checking in. We have not heard back from you regarding your question. We’d still like to help. If we do not hear back in the next 3 days, we will archive the question.

Hi @Xclipse thank you for getting back to us.We are trying to explore mechanisms to have authentication for the API and wondering if there is a way from quicksight to add something to either headers or if there isa dynamic value that can be added to querystring

1 Like

Hello @girimedi, welcome to the QuickSight community!

Are you or @Cindy able to confirm with me how your API is authenticated? The authentication process won’t come from QuickSight directly, but rather the process I explained in my last response. With some more information, I should be able to guide you further. Thank you!

Thanks Dylan, we don’t have an authentication setup yet but are wondering if there is a way in QS that the url can be appended with some user info, like the loggedin users userid or email.

Hi @girimedi, are you familiar with the new GenerateEmbedUrlForAnonymousUser and GenerateEmbedUrlForRegisteredUser APIs - GenerateEmbedUrlForAnonymousUser - Amazon QuickSight

For more information about the high-level steps for embedding and for an interactive demo of the ways you can customize embedding, visit the Amazon QuickSight Developer Portal.

Hello @girimedi, did the suggestion from @Xclipse help resolve the issue you are facing? Utilizing the embed url is likely the best way to pass variables through the URL, and any parameters linked to the dashboard can be passed through the url. That is likely the best way you can achieve your expected result.

If you have further questions on this issue, I would recommend filing a case with AWS Support where we can dive into the details so that we can help you further. Here are the steps to open a support case. I hope this helps!