Exchange a session for an embed token

curl --request POST \
  --url https://{tenant}.cubecloud.dev/api/v1/embed/session/token \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "sessionId": "<string>"
}
'

{
  "token": "<string>"
}

POST

embed

session

token

Exchange a session for an embed token

curl --request POST \
  --url https://{tenant}.cubecloud.dev/api/v1/embed/session/token \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "sessionId": "<string>"
}
'

{
  "token": "<string>"
}

Exchanges a one-time embed session id (created via POST /api/v1/embed/generate-session) for a signed, short-lived embed JWT used to authenticate the embedded analytics in the browser. The session is single-use: it is consumed (deleted) on the first successful exchange, so a given sessionId can be redeemed only once. The returned token is signed with the tenant’s embed secret, issued by cubecloud, and expires after 24 hours. This endpoint is unauthenticated — it is called from the embedding client and the session id itself is the credential. Returns 401 if the session id is unknown or has already been redeemed.

Authorizations

Authorization

string

header

required

Token authentication. Send Authorization: Bearer <YOUR_TOKEN>.

Body

application/json

PostTokenBySessionIdInputDTO

sessionId

string

required

Response

200 - application/json

token

string

required

Generate an embed session Get groups

⌘I