Securing multi-tenant embedded dashboards requires ensuring each customer only sees their own data. Draxlr provides multiple layers of security for this:
- Hidden filters — Add filters for tenant_id, user_id, or organization_id to your dashboard, then hide them in the embed settings. End users cannot see or modify these filters.
- Backend API — Enable the backend API option so filter values are passed server-side rather than through the frontend. This prevents users from inspecting or tampering with filter values in the browser.
- Domain restrictions — Set allowed domains so your embedded dashboard can only be loaded on your application's domain.
- Default filter values — Pre-set filter values per tenant so each customer's embed loads with their specific data.
This combination of hidden filters, server-side filtering, and domain restrictions ensures your multi-tenant embedded dashboards are secure without requiring complex custom code.
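The server-side filtering idea above, as an added sketch that is not Draxlr's API or code: the backend takes the tenant filter from the authenticated session, refuses tenant filters sent by the browser, and signs the result so that a modified value is detected. `EMBED_SECRET`, `build_embed_token` and `verify_embed_token` are hypothetical names, and the session and filter values are constructed.

```python
import base64, hashlib, hmac, json, time

# Assumption: a secret held only by your backend and by whatever service
# checks the token; it never reaches the browser.
EMBED_SECRET = b"constructed-demo-secret"
# Filters that identify the tenant; the browser may never set these.
PROTECTED_FILTERS = {"tenant_id", "user_id", "organization_id"}


def build_embed_token(session, client_filters, ttl=300, now=None):
    """Build a signed filter payload from the authenticated server-side session."""
    # Reject client-supplied tenant filters instead of silently merging them.
    forbidden = PROTECTED_FILTERS & set(client_filters)
    if forbidden:
        raise ValueError(f"client may not set: {sorted(forbidden)}")
    filters = dict(client_filters)
    filters["tenant_id"] = session["tenant_id"]  # from the login session only
    now = int(time.time()) if now is None else now
    body = json.dumps({"filters": filters, "exp": now + ttl}, sort_keys=True).encode()
    sig = hmac.new(EMBED_SECRET, body, hashlib.sha256).digest()
    return (base64.urlsafe_b64encode(body).decode() + "."
            + base64.urlsafe_b64encode(sig).decode())


def verify_embed_token(token, now=None):
    """Return the filters if signature and expiry check out, else None."""
    try:
        body_b64, sig_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
    except ValueError:  # wrong part count or invalid base64
        return None
    expected = hmac.new(EMBED_SECRET, body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        return None
    payload = json.loads(body)
    now = int(time.time()) if now is None else now
    if payload["exp"] < now:
        return None
    return payload["filters"]
```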