diff --git a/modules/ROOT/pages/3rd-party-script.adoc b/modules/ROOT/pages/3rd-party-script.adoc index 02b8c3b2e..680cbfa75 100644 --- a/modules/ROOT/pages/3rd-party-script.adoc +++ b/modules/ROOT/pages/3rd-party-script.adoc @@ -6,11 +6,11 @@ :page-pageid: external-tool-script-integration :page-description: Security settings for embedding -ThoughtSpot supports integrating third-party apps such as Mixpanel, Pendo, LogRocket, and more in your embed. If you are using third-party tools to track usage, trace, log, or onboard your application users, you can seamlessly integrate these tools with ThoughtSpot embed and add custom JavaScripts. This feature is disabled by default on ThoughtSpot instances. To enable this feature, contact ThoughtSpot Support. +ThoughtSpot supports integrating third-party apps such as Mixpanel, Pendo, LogRocket, and more in your embed. If you are using third-party tools to track usage, trace, log, or onboard your application users, you can seamlessly integrate these tools with ThoughtSpot embed and add custom JavaScript. This feature is disabled by default on ThoughtSpot instances. To enable this feature, contact ThoughtSpot Support. [IMPORTANT] ==== -While ThoughtSpot allows the injection of custom JavaScripts, it is important to be aware of the associated security risks, particularly Cross-Site Scripting (XSS). XSS is a vulnerability that can enable malicious actors to inject and execute unauthorized scripts within a trusted environment. This can lead to data breaches, unauthorized access to user sessions, and compromised system integrity. ThoughtSpot strongly recommends reviewing security guidelines before activating this feature in your instances and exercising caution when integrating third-party tools into your embedded application. +While ThoughtSpot allows the injection of custom JavaScript, it is important to be aware of the associated security risks, particularly Cross-Site Scripting (XSS). XSS is a vulnerability that can enable malicious actors to inject and execute unauthorized scripts within a trusted environment. This can lead to data breaches, unauthorized access to user sessions, and compromised system integrity. ThoughtSpot strongly recommends reviewing security guidelines before activating this feature in your instances and exercising caution when integrating third-party tools into your embedded application. ==== == Security considerations @@ -31,7 +31,7 @@ Enabling third-party tools on embed involves two steps: Create a ThoughtSpot Support ticket to enable the feature on your instance. In your request, specify the domain URLs that will host the scripts in your embedding environment. -Wait for ThoughtSpot Support to validate, approve, and configure the URL for your instance. This step will ensure that only the trusted and vetted domains are allowed to run scripts in your application environment. +Wait for ThoughtSpot Support to validate and approve, and then add the domain that hosts the script to the CSP allowlist on your instance. This step will ensure that only the trusted and vetted domains are allowed to run scripts in your application environment. === Add script source to CSP allowlist After the script hosting URL is approved and configured by ThoughtSpot Support, you must add the JavaScript hosting domain to the CSP allowlist. This step requires administration privileges, so make sure you log in to ThoughtSpot with your administrator credentials. diff --git a/modules/ROOT/pages/authentication.adoc b/modules/ROOT/pages/authentication.adoc index 10d27cf10..6b3759d93 100644 --- a/modules/ROOT/pages/authentication.adoc +++ b/modules/ROOT/pages/authentication.adoc @@ -980,9 +980,8 @@ To log out of your current session, send a `POST` request to the `/api/rest/2.0/ [source, cURL] ---- curl -X POST \ - --url 'https://{ThoughtSpot-host}/api/rest/2.0/auth/session/logout' \ - -H 'Content-Type: application/json'\ - -H 'Accept-Language: application/json' + --url 'https://{ThoughtSpot-host}/api/rest/2.0/auth/session/logout' \ + -H 'Authorization: Bearer {AUTH_TOKEN}' ---- === Example response diff --git a/modules/ROOT/pages/deprecated-features.adoc b/modules/ROOT/pages/deprecated-features.adoc index 368f08f25..378915b25 100644 --- a/modules/ROOT/pages/deprecated-features.adoc +++ b/modules/ROOT/pages/deprecated-features.adoc @@ -14,13 +14,17 @@ As ThoughtSpot applications evolve, some existing features will be deprecated an [options='header'] |===== |Feature|Impacted interface and release versions|Deprecation date |End of Support / removal from the product + +a|xref:deprecated-features.adoc#_worksheet_deprecation_and_removal[Worksheets] a| ThoughtSpot Cloud 10.4.0.cl and later +|November 2024 | September 2025 + a|xref:deprecated-features.adoc#restApiPlayground[REST API v1 Playground] a| ThoughtSpot Cloud 10.14.0.cl and later |November 2025 | November 2025 a|xref:deprecated-features.adoc#SageDeprecationNotice[Sage Search and Ask Sage] a| * ThoughtSpot Cloud 10.13.0.cl and later * Visual Embed SDK version 1.40.0 and later -| September 2025 | September 2025 +| September 2025 | December 2025 a|xref:deprecated-features.adoc#connectionAPIs[Delete and update connection API v2 endpoints] a|REST API v2 + @@ -76,6 +80,24 @@ a|xref:deprecated-features.adoc#_deprecated_parameter_in_rest_api_v2_0_authentic |||| |===== + +== Worksheet deprecation and removal + +Starting with 10.4.0.cl, Worksheets are deprecated and disabled by default in ThoughtSpot. In ThoughtSpot Cloud 10.12.0.cl and later versions, the ability to create new Worksheets will be removed, and all existing Worksheets will be automatically migrated to Models. + +Impact on your instance:: + +All existing Worksheets on your instance will be migrated automatically to Models, and Worksheets will no longer be available in the ThoughtSpot UI after the 10.12.0.cl release. Note that even adding a dbt connection will result in the creation of a Model. However, if you are using Worksheets in Git workflows or CI/CD pipelines that rely on import or create, those will continue to work temporarily until 10.13.0.cl. ++ +Starting with 10.13.0.cl, import of worksheet TMLs will be blocked. Any such operations will fail with an error, requiring users to convert Worksheets to Models before importing. You may want to update your CI/CD and Git workflows to use Model TMLs instead of Worksheets. + +Recommended action:: +* If your instance has Worksheets, verify whether they are replaced with Models after your instance is upgraded to 10.12.0.cl. +* If you are importing Worksheet TML, the import operation will fail. Therefore, ThoughtSpot recommends converting Worksheets to Models and then importing Model TMLs to ThoughtSpot. +* Update your CI/CD and Git workflows to use Model TMLs instead of Worksheets. +* In REST APIs, the subtypes of `LOGICAL_TABLE` objects may still be referred to as Worksheet. However, these subtypes imply Models. When you specify subtype `WORKSHEET`, the API will include Models in the response or operation. +* You may find the "Worksheet" terminology in the Visual Embed SDK configuration properties and feature flags; for example, the `worksheetId` property in Spotter embed. However, when configuring these settings, use the Model object and its associated properties. + [#restApiPlayground] == REST API v1 Playground deprecation diff --git a/modules/ROOT/pages/embed-ts-react-app.adoc b/modules/ROOT/pages/embed-ts-react-app.adoc index a01ba6ec4..95081f4da 100644 --- a/modules/ROOT/pages/embed-ts-react-app.adoc +++ b/modules/ROOT/pages/embed-ts-react-app.adoc @@ -70,7 +70,7 @@ If you want to use Port 8000 instead, xref:security-settings.adoc#csp-viz-embed- === Install SDK -* Install the Visual Embed SDK from NPM. +Install the Visual Embed SDK from NPM. + ---- npm install @thoughtspot/visual-embed-sdk @@ -86,7 +86,6 @@ You will require GUIDs of the following objects to embed ThoughtSpot components. You can find the GUIDs of these objects in the UI, the developer Playground on your ThoughtSpot instance, or through the xref:metadata-api.adoc#metadata-list[metadata/list] and xref:metadata-api#object-header[metadata/listobjectheaders] REST API endpoints. - == Embed a Liveboard To embed a ThoughtSpot Liveboard, complete the following steps: diff --git a/modules/ROOT/pages/open-issues.adoc b/modules/ROOT/pages/open-issues.adoc index 43e4b0fa0..4f521791d 100644 --- a/modules/ROOT/pages/open-issues.adoc +++ b/modules/ROOT/pages/open-issues.adoc @@ -8,26 +8,35 @@ This page lists the known issues that you might run into while embedding ThoughtSpot in your app, or when using the embedded interface or making REST API calls. - == Version 10.5.0.cl -[cols="3,6"] +[cols="4,6"] [options='header'] |===== |Issue Description| Symptoms, conditions, and workaround +|When a visualization in Liveboard embed is opened in edit mode, empty spaces appear beneath or above the visualization area.| +**Symptom**: + +When `fullHeight` is set to `true` in a Liveboard embed, the visualization pages show empty areas in edit mode. + +**Conditions**: + +The `fullHeight` property dynamically sets the height of the embed container according to the height of the Liveboard. When a visualization is opened in edit mode, the same dynamic height is applied, which can result in empty space appearing on the visualization pages. This is a known limitation. -|When names are used as identifiers in path parameters, the API requests return `400 - Bad request` error. | +**Workaround**: + +None. This is a display issue and does not affect the underlying data or functionality. +|When names are used as identifiers in path parameters, the API requests return `400 - Bad request` error. +| **Symptom**: + If the identifier is a required attribute in the path parameter and contains a forward slash `/`, for example `N/firstname/lastname` as `user_identifier`, the API’s URI structure changes and results in a `400 - Bad Request` error. This effectively alters the API contract, making it invalid. -**Conditions**: This is a known limitation, which affects API requests to `/api/rest/2.0/users/{user_identifier}/delete`, `/api/rest/2.0/users/{user_identifier}/update` or any endpoint that accepts identifier as the path parameter. +**Conditions**: + +This is a known limitation, which affects API requests to `/api/rest/2.0/users/{user_identifier}/delete`, `/api/rest/2.0/users/{user_identifier}/update` or any endpoint that accepts identifier as the path parameter. -**Workaround**: To avoid this issue, use GUID instead of the name for object, user, Role, and group identifiers in path parameters. +**Workaround**: + +To avoid this issue, use GUID instead of the name for object, user, Role, and group identifiers in path parameters. |The `logLevel` property does not suppress ThoughtSpot application logs.| **Symptom**: + - The `logLevel` attribute in the Visual Embed SDK does not suppress ThoughtSpot application logs. For example, despite setting `logLevel:LogLevel.Error` or `logLevel:LogLevel.Silent`, the application logs for alerts, warnings, and debug messages are shown in the console output. **Conditions**: + @@ -48,7 +57,7 @@ None. When users switch between tabs on an embedded Liveboard, the height of the Liveboard page changes and cuts the Liveboard content. **Conditions**: + -This issue was observed on ThoughtSpot embedded instances using Visual Embed SDK versions below v1.29.0, with the `fullHeight` property set to `true`. +This issue was observed on ThoughtSpot embedded instancess using Visual Embed SDK versions below v1.29.0, with the `fullHeight` property set to `true`. **Workaround**: + To resolve this issue, upgrade to Visual Embed SDK v1.29.0 or later. @@ -70,7 +79,6 @@ This issue occurs because when reimporting TML invalid characters are added to t **Workaround**: + See xref:tml.adoc#yamlReimport[YAML reimport in the REST API v2 Playground]. -|| |===== diff --git a/modules/ROOT/pages/pendo-integration.adoc b/modules/ROOT/pages/pendo-integration.adoc index 84b093340..9fe6d35cd 100644 --- a/modules/ROOT/pages/pendo-integration.adoc +++ b/modules/ROOT/pages/pendo-integration.adoc @@ -19,7 +19,7 @@ To launch Pendo guides and analytics within your ThoughtSpot embed, you must int Pendo integration with ThoughtSpot embed requires the following: * Access to Pendo + -If you do not have a Pendo account, link:https://app.pendo.io/register[sign up for Pendo or use a trial, window=_blank] account. +If you do not have a Pendo account, you can link:https://app.pendo.io/register[sign up for Pendo, window=_blank] and create a trial account. * Access to a ThoughtSpot instance. You need administrator privileges to enable Pendo integration. * Approval from ThoughtSpot Support for Pendo integration. * A publicly accessible domain to host your integration script. @@ -45,7 +45,7 @@ The integration script typically includes the following components: * Pendo visitor configuration that identifies the user (visitor). * Pendo account configuration that identifies the account (organization or user group) to which the user belongs -The client key and configuration metadata for Pendo visitor and account must be passed to the script via the xref:pendo-integration.adoc#_step_6_define_custom_variables_in_the_visual_embed_sdk[customVariablesForThirdPartyTools] object in the Visual Embed SDK to identify users and accounts for tracking, segmentation, and personalized experiences within Pendo. +The client key and configuration metadata for the Pendo visitor and account must be passed to the script via the xref:pendo-integration.adoc#_step_6_define_custom_variables_in_the_visual_embed_sdk[customVariablesForThirdPartyTools] object in the Visual Embed SDK to identify users and accounts for tracking, segmentation, and personalized experiences within Pendo. For more information about the Pendo configuration metadata, script creation and its components, refer to the following articles in the Pendo documentation: @@ -166,7 +166,7 @@ image::./images/pendo-dev-console.png[Dev console verification] For more information about `pendo.validateEnvironment()`, see the "Verify the installation" section in the link:https://support.pendo.io/hc/en-us/articles/360046272771-Developer-s-guide-to-implementing-Pendo-using-the-install-script[Pendo Documentation, window=_blank] or refer to the link:https://github.com/thoughtspot/developer-examples/blob/524ef13121fcae4756a951648e3e6dc4bb29aa26/visual-embed/pendo-integration/pendoIntegrationScript.js#L108[sample script provided by ThoughtSpot, window=_blank]. + . Log in to Pendo to create a sample guide for your ThoughtSpot application instance. -. Verify if the Pendo guide is published in the ThoughtSpot UI. available. + +. In the ThoughtSpot UI, verify if the Pendo guide is published. + In the following figure shows the sample Pendo element assigned to the information badge next to Watchlist on the ThoughtSpot Home page: + [.bordered] @@ -185,7 +185,7 @@ If the script is not loading: If the variables are not available: * Check if the SDK is initialized and the variables are passed in the `customVariablesForThirdPartyTools` object in the `init()` function in the SDK. -* Check whether your script has access to `window.tsEmbed` after the embed has initialized. +* Check whether your script can access the `window.tsEmbed` object after the embed has initialized. == Additional resources diff --git a/modules/ROOT/pages/publish-api.adoc b/modules/ROOT/pages/publish-api.adoc index 0a33138be..323b38239 100644 --- a/modules/ROOT/pages/publish-api.adoc +++ b/modules/ROOT/pages/publish-api.adoc @@ -73,7 +73,7 @@ When published, the object and its dependencies will be visible only to administ == Synchronize updates -The published object will be available to users in read-only mode within the target Orgs. While users can interact with the published object, only the original version in the Primary Org is editable. +The published object will be available to users in read-only mode within the target Orgs. While Org users can interact with the published object, only the original version in the Primary Org is editable, and it can be modified only by the cluster administrator. When the object in the Primary Org is updated, the changes are automatically propagated to the published versions in the target Orgs and will be visible to users upon the next reload. == Remove published objects diff --git a/modules/ROOT/pages/publishing-overview.adoc b/modules/ROOT/pages/publishing-overview.adoc index ae94eb639..dabe14ab6 100644 --- a/modules/ROOT/pages/publishing-overview.adoc +++ b/modules/ROOT/pages/publishing-overview.adoc @@ -91,7 +91,7 @@ Note the following feature limitations in the beta version: * Only ThoughtSpot administrators with access to all Orgs can publish objects. * Objects can be published only from the Primary Org to other Orgs. -* In the target Orgs, published objects are available in read-only mode. The original object in the Primary Org remains editable by the cluster administrator and users with edit permissions. +* In the target Orgs, published objects are available in read-only mode. The original object in the Primary Org remains editable only by the cluster administrator. * Spotter functionality is not supported for published objects. * Search data indexing is disabled for published tables. * Git integration is not supported for published objects. diff --git a/modules/ROOT/pages/rel-page-sw.adoc b/modules/ROOT/pages/rel-page-sw.adoc deleted file mode 100644 index 4757856f8..000000000 --- a/modules/ROOT/pages/rel-page-sw.adoc +++ /dev/null @@ -1,120 +0,0 @@ -= Now available on ThoughtSpot Software! -:toc: true -:toclevels: 1 -= :page-title: Embedding support on ThoughtSpot Software clusters -:page-pageid: embedding-support-software -:page-description: This article sumamrizes the embedding support and ThoughtSpot Embedded features available on ThoughtSpot Software clusters. - -ThoughtSpot Software clusters now support embedded analytics with Visual Embed SDK! - -Starting from the 8.4.1-sw release, ThoughtSpot Software customers who have a license to embed ThoughtSpot can use Visual Embed SDK to embed ThoughtSpot objects in their apps. - -== Embedding methods - -For information about the embedding options available for your deployments, see xref:embed-methods.adoc#_supported_embedding_methods[Supported embedding methods]. - - -== Embedding with Visual Embed SDK - -The Visual Embed SDK provides Javascript-based embed packages and client libraries to help you embed the following ThoughtSpot components in your web application: + - -* xref:embed-search.adoc[ThoughtSpot Search] -* xref:embed-pinboard.adoc[Liveboards] -* xref:embed-a-viz.adoc[Individual visualizations from a Liveboard] -* xref:full-embed.adoc[Individual application pages or the full application] - -Developers can also customize embedded objects using the APIs in the SDK: + - -* xref:embed-search.adoc[modify the layout of the embedded Search page] -* xref:full-embed.adoc[customize the layout and home tabs in the embedded ThoughtSpot view] -* xref:embed-actions.adoc[show or hide UI actions] -* xref:runtime-filters.adoc[apply runtime filters] -* xref:embed-events.adoc[trigger events and respond to events with an action] -* xref:custom-actions.adoc[handle callback custom actions] that trigger a callback and send ThoughtSpot data in a response payload to the parent app. - -=== Supported SDK versions - -The minimum SDK version required for embedding ThoughtSpot Software in your app is `1.12.0`. - -You can upgrade to a later version if required. However, you must exercise caution before upgrading to a new version because the new versions may introduce breaking changes. The new version may also include APIs, methods, and attributes for features that are not yet available on your ThoughtSpot Software release. - -For more information about the SDK versions, supported methods and classes, see xref:api-changelog.adoc[Visual Embed Changelog] and xref:VisualEmbedSdk.adoc[Visual Embed SDK Reference Guide]. - -== REST API - -REST API v1 operations are supported on ThoughtSpot Software by default. You can make API calls to query data, add and modify ThoughtSpot objects, and perform administrative tasks. - -The *Develop* tab in the UI also allows you to explore REST API v1 and REST API v2 [beta betaBackground]^Beta^ request and response workflows. - -For a complete list of endpoints and information about allowed operations, see xref:rest-api-reference.adoc[REST API v1 Reference] and xref:rest-api-v2-reference.adoc[REST API v2 ^BETA^ Reference]. - -== Feature support matrix - -[div tableContainer] --- -[width="100%" cols="7,5,5"] -[options='header'] -|===== -|Feature|ThoughtSpot Software clusters with ThoughtSpot Embedded|Clusters without ThoughtSpot Embedded or embedding license - -|Access to **Develop** tab + - -(Requires developer or admin privileges) |[tag greenBackground tick]#✓# | [tag greenBackground tick]#✓# -| Visual Embed playground |[tag greenBackground tick]#✓# -|[tag greenBackground tick]#✓# - -| Visual Embed SDK + - -Creating an app with ThoughtSpot Search, visualizations, Liveboards, or full application using Visual Embed SDK libraries a|[tag greenBackground tick]#✓# + -__The minimum supported version is 1.12.0__| [tag greyBackground tick]#–# - -a|Embedding with REST APIs + - -* Embedding Liveboards with visualizations + -* Embedding search data -|[tag greenBackground tick]#✓# + - -|[tag greenBackground tick]#✓# + -(Basic authentication only) - -|Authentication options + -(For embedded ThoughtSpot instances only) a| [tag greenBackground tick]#✓# Basic authentication + - -[tag greenBackground tick]#✓# SAML SSO + - -[tag greenBackground tick]#✓# Token-based authentication + - -[tag greenBackground tick]#✓# OIDC + - -| [tag greenBackground tick]#✓# Basic authentication + - -[tag greenBackground tick]#✓# SAML SSO - -a|REST API v1 + - -|[tag greenBackground tick]#✓# -|[tag greenBackground tick]#✓# + -(Basic authentication only) - -a|REST API v2 [beta betaBackground]^Beta^ |[tag greenBackground tick]#✓# + - |[tag greenBackground tick]#✓# + -(Basic authentication only) - -|REST API Playground [beta betaBackground]^Beta^|[tag greenBackground tick]#✓# | [tag greenBackground tick]#✓# - -|URL-based custom actions|[tag greenBackground tick]#✓# |[tag greenBackground tick]#✓# -|Callback custom actions|[tag greenBackground tick]#✓# |[tag greyBackground tick]#–# -|UI styles, font, and layout customization|[tag greenBackground tick]#✓# |[tag greenBackground tick]#✓# -|Link customization|[tag greenBackground tick]#✓# |[tag greyBackground tick]#–# -|Security settings for embedding ThoughtSpot + - -(CSP, CORS, and SAML Redirect configuration)| [tag greenBackground tick]#✓# | [tag greyBackground tick]#–# | [tag greyBackground tick]#–# -|===== --- - -== Documentation - -An up-to-date version of ThoughtSpot Embedded documentation is available on the link:https://developers.thoughtspot.com/docs[Developer Documentation] site. To view the documentation specific to the Software release version that your cluster is currently on: - -. Go to the *Develop* tab on your cluster. -. Click the *Guide* menu under *Visual Embed SDK* or *REST API*.