When embedding a Tableau viz into an application, we are very often asked about passing parameters in to the viz to filter down information. This post is about a few methods of implementing this behavior, and the security implications of each of them.
I’ll start by saying, to do any of this securely, you need EVERY resource you are working with to be using the HTTPS protocol (latest TLS version). If anything is not HTTPS, you could be passing important information in the clear.
There are three methods of setting a Tableau Parameter on a Tableau Server viz:
- Putting the Parameter value directly in the URL using a name value pair
- Setting the Parameter value using the JS API options object in the constructor method. This actually does the equivalent of #1 and puts the values in the URL
- Use changeParameterValueAsync() method of the JS API.
Each has its own benefits and downsides.