Generate Session
The Generate Session API provides secure, session-based authentication for signed embedding. This API creates temporary sessions that allow external users to access embedded dashboards and visualizations without exposing your API keys.
The Generate Session API is available on Premium and Enterprise plans (opens in a new tab).
Authentication
The Generate Session API requires your Cube Cloud API key for authentication.
Endpoint
POST https://{accountName}.cubecloud.dev/api/v1/embed/generate-sessionRequest Headers
| Header | Value | Required |
|---|---|---|
Content-Type | application/json | Yes |
Authorization | Api-Key YOUR_API_KEY | Yes |
Request Body
| Field | Type | Required | Description |
|---|---|---|---|
externalId | string | No | Unique identifier for the external user. Either externalId or internalId should be provided. |
internalId | string | No | Email address (or LDAP identifier if account is configured to use LDAP) of an internal Cube Cloud user. Either externalId or internalId should be provided. |
userAttributes | array | No | Array of {name, value} pairs for row-level security. Not allowed with internalId. |
groups | string[] | No | Array of group names for user. Not allowed with internalId. |
securityContext | object | No | Custom security context object passed to Cube queries. Not allowed with internalId. |
When using internalId, the user must already exist in Cube Cloud. You cannot specify roles, groups, userAttributes, or securityContext with internalId — the internal user's existing permissions are used instead.
Accounts are limited to 10,000 external users. To increase this limit, please contact support.
Response
The API returns a session object:
{
"sessionId": "abc123def456..."
}| Field | Type | Description |
|---|---|---|
sessionId | string | Unique session identifier to use for embedding content |
Use the sessionId directly in your embed URL to authenticate and load content securely.
Code Example
Use session ID in signed embedding.