Reports
Last updated
Was this helpful?
Last updated
Was this helpful?
The reports feature offers developers the capability to securely expose data queries in various formats such as XML, JSON, and CSV. This ensures that data can be accessed externally while maintaining security through authentication and tokenization.
Reports make use of a secure random (384bit) token to access the specified query. This token should be kept private and not shared with anyone as they will be able to access the report with it.
Depending on the sensitivity of the data you can use 3 options to access a report.
IdWithToken: You can pass the token as a query parameter (e.g. )
(Recommended): This method uses the Authorization header to pass the token. The main benefit is that the token won’t be accidentally exposed in places where the request url is logged (i.e. diagnostics).
(Best security): This method needs custom code to generate a HMAC256 signature for the requested resource. The benefits are that the key is never send across the wire and that the request can’t be replayed at a later time.
You can configure the minimum access level that should be used on a report. When it is accessed using a lesser secure option it will be flagged as and it will not be available unless a new token has been generated.
Reports return XML by default. You can use the format query parameter or Accept header to request the data as json (application/json), csv (text/csv) or tsv (text/tab-separated-values).
Examples:
curl:
This option expects the token to be passed as Authorization header using the Bearer scheme when accessing the report.
The signature is generated by including a Date header (containing a RFC1123 formatted UTC date and time), an Accept header (containing application/json, text/xml, text/csv or text/tab-separated-values) and using HMAC256 to sign the combination of the request url, accept and timestamp using a newline separator with the token as key. The Date header will be validated that it is no more than 5 minutes in the past or future (to allow for some clock skewing).
When a report is accessed using a less secure option than configured or using http instead of https it will be flagged as compromised. A log entry will be written with information about the requested url, ip and user-agent.
You can re-enable the report by giving it a new token. On a production deployment the patching feature can be used to regenerate the token.
Reports can be used to import data in an Excel file. The data will be linked to the Excel table so that it can be refreshed manually or automatically when the file is opened.
This can be done by starting the From Web wizard in Excel:
In the wizard you can switch to Advanced mode where you can add the Authorization header:
Using top and/or skip also requires sorting to provide consistent results.
Examples:
For the AuthorizationSignature option you’ll need to include the whole url as requested (which shouldn’t contain the token and format in that case, the format should be in the Accept header) for the signature calculation.
You can use the $filter query parameter to include the text-search (as used inside a Vidyano application in the search box on a query) that should be used to filter.
Examples:
For the AuthorizationSignature option you’ll need to include the whole url as requested (which shouldn’t contain the token and format in that case, the format should be in the Accept header) for the signature calculation.
For testing you can also use as it allows for Pre-request scripts and variables:
