Authenticate users to ThoughtSpot
Embed ThoughtSpot visualizations in your Web page using the
Supply ThoughtSpot data to your Web page through ThoughtSpot’s REST APIs
To use the JS API in your Web page, you must have the access and permissions to update the code of your Web page or application.
The JS API works in the following browsers:
- Mozilla Firefox
68.x, 69.x, and later
- Google Chrome
76.x, 77.x, and later
- Internet Explorer
For ThoughtSpot versions 6.3.0 and earlier, Internet Explorer versions 11.x, and later are supported. Starting with ThoughtSpot versions 6.3.1 and later, support for Internet Explorer is deprecated.
- Microsoft Edge
81.0.416.53, and later
- Apple Safari
13.x, and later
Microsoft introduced a compatibility mode in Internet Explorer 10, which displays the page using the version of Internet Explorer that is most compatible with that page. Because we do not support any version earlier than 11, this feature may break the code. Note that starting with ThoughtSpot version 6.3.1, all support for Internet Explorer is deprecated. Prior to ThoughtSpot version 6.3.1, Internet Explorer 11 is supported.
There are two approaches for forcing the Internet Explorer to emulate the most recent version:
Add a Custom Response Header We recommend this approach because it is more robust, offers more control, and has a lower risk of introducing a bug to your code. in general, you must set the response header to match the server and the technology.
set the header name to "X-UA-Compatible"
set the value to "IE=Edge"
Add a Meta Tag Add this meta tag as the first tag in the header section of the page:
<meta http-equiv="X-UA-Compatible" content="IE=Edge" \>
Collecting user credentials from one application (domain) and sending them to another (such as ThoughtSpot) can present security vulnerabilities such as a phishing attack. Cross-origin or cross-domain verification closes this vulnerability.
Your cluster’s CORS configuration controls which domains can use your client code to authorize users.
It also prevents code copying and deployment on unauthorized sites.
For example, if your Web site is hosted on the domain
example.com, you must enable CORS for that domain.
Similarly, to test your code locally, you must also add the domain for your local server, such as
We recommend that you disable the
localhost access after you finish testing.
To enable CORS between your client applications and your ThoughtSpot instance, you must work with ThoughtSpot Support.