Sooner or later, every SaaS product hears the same request from customers: "Can we get reporting on our own data, inside the app?" And every engineering team gives the same sigh, because building analytics from scratch — a query layer, a charting engine, per-tenant security, a dashboard builder — is months of work that has nothing to do with your actual product.
That's the whole reason Datalytics ships as an embeddable SDK. Instead of building BI, you drop a component into your app and pass it a secure token. Here's the full integration, end to end.
Step 1 — Drop in the component
Datalytics dashboards are web components (built on Angular Elements), which means they run in any frontend — React, Vue, Angular, or plain HTML. Add the script and place the element:
<script src="https://cdn.getdatalytics.com/embed.js"></script>
<datalytics-dashboard
dashboard-id="sales-overview"
theme="light">
</datalytics-dashboard>
At this point the component exists but shows nothing — because it doesn't yet know who's asking or what they're allowed to see. That's the important part.
Step 2 — Mint a signed token on your backend
Embedded analytics lives or dies on security: customer A must never see customer B's data. The clean way to enforce this is a two-token handshake. Token one is an identity assertion your own backend signs — you already know who the logged-in user is and which tenant they belong to, so you vouch for them.
Your server signs a short-lived RS256 JWT with your private key. Datalytics verifies it with your public key — so the browser never holds any long-lived secret:
// Node / NestJS backend
import jwt from 'jsonwebtoken';
function mintDatalyticsToken(user) {
return jwt.sign(
{
sub: user.id,
tenant: user.tenantId, // scopes all queries to this tenant
scope: ['dashboard:sales-overview'],
},
PRIVATE_KEY, // your RSA private key
{
algorithm: 'RS256',
expiresIn: '10m', // short-lived on purpose
audience: 'datalytics',
issuer: 'your-app',
},
);
}
Step 3 — The two-token exchange
Your frontend fetches that identity token and hands it to the component. Datalytics verifies the signature, reads the tenant and scope, and exchanges it for its own short-lived session token that governs the live dashboard connection. Two tokens, two jobs: yours proves identity, theirs runs the session.
const el = document.querySelector('datalytics-dashboard');
// fetch the signed identity token from YOUR backend
const res = await fetch('/api/analytics-token');
const { token } = await res.json();
// hand it over — the component does the exchange internally
el.token = token;
The dashboard renders, and every query it runs is automatically filtered to that tenant. Row-level security is enforced by the signed tenant claim — not by anything editable in the browser.
Step 4 — Make it look like your app
An embedded dashboard should feel native, not bolted-on. Theme it with CSS custom properties so it inherits your product's look:
datalytics-dashboard {
--dl-accent: #0e9384;
--dl-font: 'Inter', sans-serif;
--dl-radius: 10px;
}
What you just avoided
No query engine, no charting library, no dashboard builder, no per-tenant security model — and no BI team to maintain any of it. Your users get live, self-serve analytics inside your product; you shipped it in an afternoon and moved on with your roadmap.
If you've been putting off "in-app reporting" because building it is a project of its own, this is the shortcut → getdatalytics.com
No comments:
Post a Comment