Hello team,
Hello team,
a quick question regarding custom actions.
1. I have written an REST API that returns a csv file as response and integrated it with ThoughtSpot custom actions. When I inteteract with custom actions via widget csv file does not get downloaded. So what I was wondering is if downloading a file from an custom actions is a valid use case?
2. How do I add clientid and clientsecrect to custom actions so that ThoughtSpot would get a machine to machine token for authenticating ?
4 Replies
1. We should be able to do this use case through custom actions. I do not see if it should cause any issues. Can you share a HAR file when you try out this custom action and your code you have written for the same?
2. We do not have adding these as separate fields right now. Maybe add them as part of url in the custom action and then process it in a BE server? Would that help your use case?
thank you for your response @shikharTS .
#1: I can share you the HAR file when custom actions is executed. But I didnot understand about API code. can you elaborate?
#2: we want to add authentication mechanism so that access to the api will be secure as this being an internet exposed API.
We can make it part of API itself and ask BE server to get the token from authnentication server but that would still make the API open rite? anyone pretending to be coming for virsec.thoughtspot.cloud will have access to the data. With clientid,clientsecrect and domain information stored for OAuth token I can guarantee that ThoughtSpot will be only one who can get the token from our authentication server.
How are you calling the API? Have you added this API directly to custom actions?
Currently we do not have adding them as separate fields to custom actions. @Aditya / @Sandeep do we have any other way of doing this?
@Swarnika can you help here?
Hi @Murali Krishna if you want to add an authentication mechanism to validate if the user is valid or not, you can call the auth token api to fetch the token for that user. If the user is not valid, you can throw out the error. If the user is valid, then you can use this token to call download csv API