Access Token

Why is an access token required?

  1. The access token is how DingoQL authenticates the GraphQL request.
  2. The access token also carries secured filters, encrypted inside the token. These filters provide data security: each user of your application can view only the data they are allowed to see, and the rest is filtered out.

To execute an analytics query on DingoQL from your application, every network call must include an ACCESS-TOKEN header. Set the header to the access token generated as follows.

Generating Access Token

Step 1

Copy the secret key by clicking "Click Here To Copy Encryption Key" in the tenant settings tabs.

Tenant Secret

Step 2

Create a JSON object with all the secured filters you want to apply to the client's visualisation / analytics query. For example:

{
  "filters": [{
      "column": "seller_id",
      "value": "ali.ferell"
  }]
}

Here "column" is the name of a column that is set as secured.

Secured Field

Step 3

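Your application server should encrypt the JSON string using the secret key acquired in step 1. In Node.js, the crypto-js module from NPM can be used for this.

const CryptoJS = require('crypto-js')
// Secret key copied from the tenant settings in step 1 (server-side only)
const secretKey = "xg4f8dw45m3trz7u"
// Secured filters from step 2
const accessTokenData = {
  "filters": [{
      "column": "seller_id",
      "value": "ali.ferell"
  }]
};
// Encrypt the JSON string with the secret key
const accessToken = CryptoJS.AES.encrypt(
  JSON.stringify(accessTokenData),
  secretKey,
);
// toString() yields the encoded ciphertext to send in the ACCESS-TOKEN header
console.log('ENCRYPTED ACCESS-TOKEN', accessToken.toString());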

Step 4

The server should provide this access token to the client. When making any query to DingoQL's GraphQL endpoint, the client should set this access token in the ACCESS-TOKEN header.

The client must not become aware of the secret key at any point. A client that knows the key could encrypt a token with any filters it chooses, which is a severe security bug.
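
Steps 2 to 4 as one server-side routine, added here as an example and not DingoQL's own code: the filter value is taken from the authenticated session, never from anything the client sends. Instead of calling crypto-js it uses Node's built-in crypto to produce the salted OpenSSL-style layout that crypto-js emits for a string key; issueAccessToken, decryptToken and the session.sellerId field are hypothetical names.

```javascript
const crypto = require('crypto');

// OpenSSL EVP_BytesToKey (MD5, one iteration): the passphrase KDF crypto-js
// applies when CryptoJS.AES.encrypt() is given a string key.
function deriveKeyIv(passphrase, salt) {
  let block = Buffer.alloc(0);
  let out = Buffer.alloc(0);
  while (out.length < 48) {
    block = crypto.createHash('md5')
      .update(Buffer.concat([block, Buffer.from(passphrase, 'utf8'), salt]))
      .digest();
    out = Buffer.concat([out, block]);
  }
  return { key: out.subarray(0, 32), iv: out.subarray(32, 48) };
}

// Output layout: base64("Salted__" + 8-byte salt + AES-256-CBC ciphertext),
// matching CryptoJS.AES.encrypt(text, passphrase).toString().
function encryptToken(plaintext, passphrase) {
  const salt = crypto.randomBytes(8);
  const { key, iv } = deriveKeyIv(passphrase, salt);
  const cipher = crypto.createCipheriv('aes-256-cbc', key, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([Buffer.from('Salted__'), salt, body]).toString('base64');
}

// Inverse of encryptToken, used here only to check the round trip.
function decryptToken(token, passphrase) {
  const raw = Buffer.from(token, 'base64');
  if (raw.subarray(0, 8).toString() !== 'Salted__') throw new Error('bad token header');
  const { key, iv } = deriveKeyIv(passphrase, raw.subarray(8, 16));
  const d = crypto.createDecipheriv('aes-256-cbc', key, iv);
  return Buffer.concat([d.update(raw.subarray(16)), d.final()]).toString('utf8');
}

// Hypothetical server-side helper: the filter value comes from the
// authenticated session, never from the request body or query string.
function issueAccessToken(session, secretKey) {
  if (!session || typeof session.sellerId !== 'string' || session.sellerId === '') {
    throw new Error('no authenticated seller in session');
  }
  const data = { filters: [{ column: 'seller_id', value: session.sellerId }] };
  return encryptToken(JSON.stringify(data), secretKey);
}

// Constructed sample: a real server reads the key from server-side config.
const token = issueAccessToken({ sellerId: 'ali.ferell' }, 'xg4f8dw45m3trz7u');
console.log('ACCESS-TOKEN:', token);
console.log('payload:', decryptToken(token, 'xg4f8dw45m3trz7u'));
```

Because the salt is random, two tokens issued for the same seller differ, so tokens cannot be compared for equality.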