Embedding Dashboards
How to embed Central Set dashboards inside external applications using an iframe and JWT authentication.
Central Set dashboards can be embedded directly into external applications using a simple iframe integration.
This allows dashboards built in Central Set to be reused inside:
- internal portals
- client applications
- admin panels
- SaaS products
- monitoring tools
The embedding system uses secure cross-window communication (postMessage) combined with JWT authentication.
𧩠Basic Embedding Example
An external application can embed a Central Set dashboard using an iframe.
Example:
<!-- other-site.html -->
<iframe
id="my-frame"
src="http://localhost:4444"
width="800"
height="600"
sandbox="allow-scripts allow-same-origin"
/>
<script>
try {
const iframe = document.getElementById('my-frame');
iframe.onload = () => {
const targetOrigin = 'http://localhost:4444'; // MUST match iframe origin
iframe.contentWindow.postMessage({
embedded_dashboard: true,
app: {app_id: 2, app: 'ETLX', db: 'ETLX'},
table: 'dashboard',
dashboard_id: 1,
token: '<JWT_TOKEN>',
theme: 'light'
}, targetOrigin);
};
} catch (e) {
console.error("Error setting up message listener:", e);
}
</script>
Once the iframe loads, the parent application sends a configuration message to the Central Set frontend.
The dashboard is then loaded inside the embedded frame.
π¦ Message Parameters
The postMessage payload defines what dashboard to load and how it should behave.
Example payload:
{
"embedded_dashboard": true,
"app": {
"app_id": 2,
"app": "ETLX",
"db": "ETLX"
},
"table": "dashboard",
"dashboard_id": 1,
"token": "<JWT_TOKEN>",
"theme": "light"
}
Parameter reference:
| Field | Description |
|---|---|
embedded_dashboard | Enables embedded dashboard mode |
app | Application context |
table | Table containing dashboards |
dashboard_id | Dashboard identifier |
token | Central Set JWT authentication token |
theme | Optional UI theme (light or dark) |
π§ Application Context
The app object defines which Central Set application database the dashboard belongs to.
Example:
{
"app_id": 2,
"app": "ETLX",
"db": "ETLX"
}
This ensures:
- correct metadata loading
- correct table resolution
- proper access control
π Authentication
Embedding dashboards requires a valid Central Set JWT token.
Example:
"token": "<JWT_TOKEN>"
This token must belong to a user with access to the requested resources.
All normal Central Set security layers still apply:
- role permissions
- table access
- row level access
- column level access
The embedded dashboard therefore respects the same security rules as the API.
π Token Sources
There are two ways to obtain a valid token.
1. Central Set Authentication
If the embedding application already authenticates against a Central Set backend, the same JWT token can be reused.
Example flow:
User login β CS backend
β JWT issued
β used for API + embedded dashboards
This is the recommended approach.
2. Access Keys
If the external application does not authenticate directly with Central Set, a token can be generated in the Admin UI.
Location:
Admin β Access Keys
Access keys create long-lived tokens that can be used by:
- external services
- integrations
- embedded dashboards
β οΈ Security Considerations
Tokens should never be embedded directly in client-side applications.
β Avoid this:
Hardcoding JWT tokens inside frontend code
This exposes the token to:
- browser inspection
- network interception
- client-side extraction
β Recommended Pattern
Serve tokens from a secure backend.
Example architecture:
User Browser
β
βΌ
Your Application Backend
β
β obtains / stores JWT
βΌ
Central Set API
The backend then injects the token into the page or returns it via a secure API endpoint.
Example flow:
1. User opens your app
2. Backend authenticates with Central Set
3. Backend returns a temporary JWT
4. Frontend embeds dashboard using that token
This ensures:
- tokens are not exposed
- authentication remains controlled
- access can be revoked centrally
π¨ Theme Support
The embed configuration optionally supports a theme parameter.
Example:
"theme": "light"
Possible values:
light
dark
If omitted, the default theme is:
light
π Use Cases
Embedding dashboards is useful for:
- customer portals
- SaaS analytics
- operational monitoring
- internal reporting tools
- ETLX pipeline monitoring
Because the dashboard runs inside Central Set, you benefit from:
- dynamic dashboards
- SQL data sources
- CRUD API data sources
- ETLX pipelines
- built-in security layers
π§ Summary
Central Set dashboards can be embedded inside any application using:
- an iframe
- a postMessage configuration
- a valid JWT token
This enables Central Set to act as a dashboard engine for external systems, while maintaining:
- centralized security
- dynamic data access
- reusable dashboards
- unified data governance.
Last updated 13 Mar 2026, 21:11 -01 .