search

globeGenerate a token via API

To embed a dashboard in your application, you first need to generate an embed auth token. This token authorizes access to the dashboard for a specific user and must be generated from your backend.

hashtag
Objective

This tutorial shows you how to programmatically generate an access token for embedding dashboards or charts by calling the /generate-token API endpoint. This is useful for server-side integrations, automation, or custom workflows.

hashtag
Prerequisites

  • A Toucan AI account

  • An API key with permission to generate tokens

  • The base URL for your Toucan AI instance (e.g., https://your-instance.toucan.ai)

hashtag
Steps

1. Create an API Key

Go to your application User Settings. Generate an API Key (it will be used by your backend to authenticate with our API). Store this key securely.

Caution Important Security Notice This "Create Embed Authorization" request must happen server-side only. You do not want to expose your API key or embed token client-side, as that would allow end users to:

  • change filters or parameters themselves,

  • or even gain direct access to your secured dashboards and datasets.

Never use your API key or token in the frontend!

2. Call the /generate-token endpoint

From your backend, make a POST request to the /api/generate-token endpoint of your Toucan instance:

  • Cloud (SaaS): https://toucanai.cloud/api/generate-token

  • Self-hosted: https://your-domain.com/api/generate-token

Example requests

Bash

JavaScript

Python

Go

Request Body Parameters

Field
Type
Required
Description

user

object

User information object

User Object Properties

Field
Type
Required
Description

distinctId

string

Unique user identifier for tracking in logs and traces

role

"explorer"

User role (explorer-only currently)

Response

On success, the endpoint returns a JSON object containing the embed token:

Copy this token for use in embedding dashboards or charts.

3. Use the Token

Use the generated token in your embedding integration as described in the Authentication & Tokens guide.

hashtag
Security Best Practices

  • Never expose your API key or token generation endpoint to client-side code.

  • Always generate tokens server-side.

  • Store API keys securely (e.g., environment variables, secret managers).

hashtag
Conclusion

Congratulations! You have successfully generated a token via the Toucan AI API. Programmatic token generation allows you to automate secure access for embedding analytics, ensuring each user receives the correct data and permissions in your application.

PreviousToken introspectionNextPermissions & Row-Level Security

Last updated