How to securely handle credentials in QuickSight URLs without exposing them to end users?

Question

I'm building QuickSight dashboards that need to link to external APIs with authentication. Currently, I'm concatenating API URLs with keys directly in my data pipeline.

Problem: When users hover or click these URLs in QuickSight, the API key becomes visible in tooltips and browser address bars.

My question is: what's the recommended approach to handle authenticated external API links in QuickSight without exposing credentials to end users? Is there a way to do this within QuickSight alone, or do I need a proxy endpoint?

Any guidance on best practices for this scenario would be appreciated!

Nikhil Jha · Answer

Hello,

Thank you for contacting AWS!

One alternative approach is to use QuickSight console embedding, as described in reference link below. Amazon QuickSight this way you create the portal with required domain names and embed QuickSight console inside via iframe.
[+] https://docs.aws.amazon.com/quicksight/latest/user/manage-qs-domains-and-embedding.html

Amazon QuickSight offers 2 types of embedding:
1. One-click Embedding
2. API-based Embedding

Using the below Embedding documentation you can explore how embedding can be performed:
[+] https://docs.aws.amazon.com/quicksight/latest/user/embedded-analytics-api.html
For Architectural reference: [+] https://community.amazonquicksight.com/t/1-start-here-embedded-analytics-overview/16484

Aside, if you wish to develop and manage a custom application, then using Proxy endpoint is a valid consideration.

How to securely handle credentials in QuickSight URLs without exposing them to end users?

Add your answer

Relevant content