10-5 doc publication

modules/ROOT/pages/api-changelog.adoc

@@ -8,6 +8,21 @@
 
 This changelog lists only the changes introduced in the Visual Embed SDK. For information about new features and enhancements available for embedded analytics, see xref:whats-new.adoc[What's New].
 
+== Version 1.35.0, December 2024
+
+[width="100%" cols="1,4"]
+|====
+|[tag greenBackground]#NEW FEATURE#  a|
+The SDK now provides the `isUnifiedSearchExperienceEnabled` setting to customize the Search experience on ThoughtSpot Home page for embedding application users:
+
+* When set to `true`, the split search experience is disabled and the Search bar on the Home page functions as Natural Language Search interface
+* When set to `false`, the split search experience is enabled and object Search is set as the default Home page search experience.
+
+For more information, see xref:full-app-customize.adoc#_search_components[Search interface on the Home page in full application embedding].
+
+|[tag greenBackground]#NEW FEATURE#  a| The `overrideOrgId` parameter in the SDK provides the ability to override Org context for embedding application users. This parameter allows users authenticated to an Org to temporarily view content from another Org. Before specifying the Org ID for override, make sure the Per Org URL feature is enabled on your ThoughtSpot instance. To enable Per Org URL on your instance, contact ThoughtSpot Support.
+|====
+
 == Version 1.34.0, November 2024
 
 [width="100%" cols="1,4"]

modules/ROOT/pages/authentication.adoc

@@ -446,7 +446,7 @@ Invalid parameter
 
 === Just-in-time provisioning
 
-If the `username` does not exist in the ThoughtSpot system, you can provision a new user and assign privileges using `auto_create` and `group_identifiers` attributes. For just-in-time provisioning, include the following attributes along with `username` and `secret_key` in the `POST` request body:
+If the `username` does not exist in the ThoughtSpot system, you can provision a new user and assign privileges using `auto_create` and `group_identifiers` attributes. For xref:just-in-time-provisioning.adoc[Just-in-time provisioning], include the following attributes along with `username` and `secret_key` in the `POST` request body:
 
 [width="100%" cols="1,4"]
 [options='header']
@@ -514,19 +514,24 @@ curl -X POST \
 }'
 ----
 
-For more information, see xref:just-in-time-provisioning.adoc[Just-in-time provisioning].
-
-=== Get tokens with custom rules and filter conditions
+[NOTE]
+====
+The `auth/token/custom` API endpoint also allows you to automatically create a user during token generation. For more information, see xref:authentication.adoc#_get_tokens_with_custom_rules_and_filter_conditions[Get a token with custom rules and filter conditions for ABAC implementation].
+====
 
-To get tokens encoded in JSON Web Token (JWT) format with security entitlements for a user, send a `POST` request with the user details, filter rules, and parameter values to the `/api/rest/2.0/auth/token/custom` API endpoint. This API allows administrators to generate a token with a specific set of rules and column filtering conditions that are applied when a user session is initiated.
+[#_get_tokens_with_custom_rules_and_filter_conditions]
+=== Get a token with custom rules and filter conditions for ABAC implementation
 
-You can also use this API with the Visual Embed SDK to implement Attribute-Based Access Control (ABAC) for your embedding application users.
+To get a token with security entitlements encoded in JSON Web Token (JWT) format for a user, send a `POST` request with the user details, filter rules, and parameter values to the `/api/rest/2.0/auth/token/custom` API endpoint. This API allows administrators to generate a token with a specific set of rules and column filtering conditions that are applied when a user session is created.
 
 [NOTE]
 ====
-If your ThoughtSpot instance is on 10.4.0.cl or later, ThoughtSpot recommends using `/api/rest/2.0/auth/token/custom` to generate Attribute-Based Access (ABAC) Control tokens. The `user_parameters` property in `/api/rest/2.0/auth/token/full` and `/api/rest/2.0/auth/token/object` is deprecated in 10.4.0.cl and is not recommended for ABAC token generation.
+If your application instance is upgraded 10.4.0.cl or a later version, ThoughtSpot recommends using the +++<a href="{{navprefix}}/restV2-playground?apiResourceId=http%2Fapi-endpoints%2Fauthentication%2Fget-custom-access-token">/api/rest/2.0/auth/token/custom</a>+++ API endpoint to generate a JWT token with custom security rules for Attribute-Based Access Control (ABAC) implementation. +
+The `user_parameters` property used for generating an ABAC token via `/api/rest/2.0/auth/token/full` and `/api/rest/2.0/auth/token/object` API endpoints in the beta implementation is deprecated in 10.4.0.cl. +
+If your current implementation is using the beta version of the ABAC and you want to migrate your beta ABAC implementation to `/api/rest/2.0/auth/token/custom`, refer to the instructions in xref:jwt-migration.adoc[ABAC migration guide].
 ====
 
+
 [width="100%" cols="1,4"]
 [options='header']
 |=====
@@ -540,20 +545,20 @@ a|__String__. Password of the user account. If using `secret_key` to generate th
 |`validity_time_in_sec` +
 __Optional__| __Integer__. Token expiry duration in seconds. The default duration is 300 seconds.
 |`org_id` +
-__Optional__|__Integer__. If the Orgs feature is enabled on your instance, specify the ID of the Org for which you want to generate the authentication token. If Org ID is not  specified, the token is generated for the Primary Org (Org 0).
+__Optional__|__Integer__. If the Orgs feature is enabled on your instance, specify the ID of the Org for which you want to generate the authentication token. If an Org ID is not specified, the token is generated for the Primary Org (Org 0).
 |`persist_option` a| Indicates if the filter rules and Parameter attributes defined in the API request should persist for user sessions initiated with the token obtained from this API call. The following options are available:
 
 * `APPEND` +
-Adds the attributes defined in the API request to the user’s `user_properties`. These properties will be applied to user sessions and for scheduled jobs if any.
+Adds the attributes defined in the API request to the user’s user properties. These properties will be applied to user sessions and for scheduled jobs if any.
 
 * `NONE` +
 The security entitlements assigned via attributes will be used only for the user session initiated with the token generated from this API call.
 
 * `REPLACE` +
-Replaces existing `user_properties` of the user with the attributes defined in this API request.
+Available from 10.5.0.cl. Replaces existing user properties of the user with the attributes defined in this API request.
 
 * `RESET` +
-Resets `user_properties` assigned to a user upon token generation.
+Resets the user properties assigned to a user upon token generation.
 
 |`filter_rules`  a|__Array of filter rules__. An array of runtime filter conditions to pass via token. Each rule in the array must include the following information:
 
@@ -614,8 +619,8 @@ __Optional__ |__String__. Email address of the user. Use this parameter to add t
 |`display_name` +
 __Optional__ |__String__. Display name of the user. Use this parameter if `auto_create` is set to `true.
 |`auto_create` +
-__Optional__|__Boolean__. Creates a user if the specified username is not already available in ThoughtSpot. The default value is `true`.
-|`group_identifiers` +
+__Optional__|__Boolean__. Available from 10.5.0.cl. Creates a user if the specified username is not already available in ThoughtSpot. The default value is `true`.
+|`groups` +
 __Optional__|__Array of Strings__. GUIDs or names of the groups to assign the user to. This attribute can be used in conjunction with `auto_create` to dynamically assign groups and privileges to a user.
 |=====
 
@@ -669,14 +674,31 @@ curl -X POST \
       "identifier": "a71d5d1f-6e02-4ee1-a6e9-e158af844367"
     }
   ],
-  "org_identifier": "2",
+  "org_identifier": "0",
   "secret_key": "4c55ff63-d03e-497a-8ec6-1be083f160ee"
 }'
 ----
 
 ==== API response
 If API request is successful, the API returns a token with the security rules and attributes applied.
 
+[source,JSON]
+----
+{
+  "id": "3eefc15a-cad0-4de0-a85c-de6407a14fca",
+  "token": "{AUTH_TOKEN}",
+  "org": {
+    "id": 0,
+    "name": "Primary"
+  },
+  "user": {
+    "id": "46228fb2-8db9-4b84-b015-82ea2f3b220d",
+    "name": "UserA"
+  },
+  "creation_time_in_millis": 1733323274948,
+  "expiration_time_in_millis": 1733323574708
+}
+----
 
 ===== Response codes
 

modules/ROOT/pages/common/nav.adoc

@@ -126,7 +126,9 @@ include::generated/typedoc/CustomSideNav.adoc[]
 *** link:{{navprefix}}/access-control-sharing[Access control and sharing]
 *** link:{{navprefix}}/privileges-and-roles[Privileges and Roles]
 *** link:{{navprefix}}/data-security[Data security]
-**** link:{{navprefix}}/abac-user-parameters[ABAC via tokens ^BETA^]
+**** link:{{navprefix}}/abac-user-parameters[ABAC via tokens]
+**** link:{{navprefix}}/abac-migration-guide[Migrate ABAC ^BETA^ implementation to custom token API]
+**** link:{{navprefix}}/abac-user-parameters-beta[ABAC via tokens (pre-10.4.0.cl)]
 **** link:{{navprefix}}/rls-rules[RLS Rules]
 *** link:{{navprefix}}/selective-user-access[User access]
 ** link:{{navprefix}}/best-practices[Optimize app performance]

modules/ROOT/pages/customize-links.adoc

@@ -23,6 +23,7 @@ An Answer link is generated when a user shares an Answer with another user and i
 SpotIQ analyses links::
 ThoughtSpot generates this link when a user runs the SpotIQ analysis on the data generated from a search query, saved Answer, or a visualization pinned to a Liveboard. This link points users to the *SpotIQ Analyses* page and is also sent in email notifications.
 
+
 Links to unsubscribe from notifications::
 +
 The *Unsubscribe* link is included in system-generated emails to allow users to turn off email notifications.
@@ -80,6 +81,8 @@ For example, when a user subscribes to receive threshold-based alerts for a KPI
 ====
 * Make sure the {object-id} and {sub-object-id} variables are used only for ThoughtSpot objects. If the link format has two {object-id} variables, your application users may not receive the correct links. For example, if the link format is  `\https://www.mysite.com/?myobject-id={object-id}/liveboard-id={object-id}`, ThoughtSpot may replace both these variables with the Liveboard GUID when it generates the Liveboard link. +
 * ThoughtSpot query parameters that substitute the `{ts-query-params}` variable are prefixed with `ts-`.
+* If xref:orgs.adoc[per Org custom embed URL feature] is enabled on your ThoughtSpot instance, the Org ID is also passed as a query parameter in the `{ts-query-params}`.
+* The developers are advised to update their implementation to accommodate the Org ID in the `{ts-query-params}` while setting up the custom links for their application users, and avoid any workflow disruption.
 ====
 
 == Customize link format
@@ -175,6 +178,8 @@ https://www.mysite.com/insight/{object-id}
 ----
 https://www.mysite.com/?insights={object-id}
 ----
+
+
 Unsubscribe link::
 
 This URL provides a link to the *Profile* settings page in ThoughtSpot.
@@ -238,7 +243,20 @@ To verify if the links are generated in the format you configured, share a Liveb
 For example, if you customized the hostname in the URL as `www.mysite.com`, ThoughtSpot generates links with the `www.mysite.com` hostname.
 
 * If you are using a non-embedded ThoughtSpot instance and the Liveboard or Answer sharing URL format is customized, ThoughtSpot displays the *Embedded link format* checkbox. To copy the URL in the customized format, click *Embedded link format*.
++
+[NOTE]
+====
+If the per Org custom embed URL feature is enabled on your ThoughtSpot instance, this URL in the *Embedded link format* will also show the Org ID.
+For example if you have defined the custom link as,
+
+`\https://www.mysite.com/liveboard/{object-id}/?{ts-query-params}`
 
+The *Embedded link format* will be,
+
+`\https://www.mysite.com/liveboard/22946f4b-b4ce-4643-be50-66afcd5177/orgId=0`
+
+The Org ID will passed in the URL depending on the placement of `{ts-query-params}` in the custom link settings.
+====
 +
 [.bordered]
 [.widthAuto]
@@ -253,7 +271,10 @@ image::./images/embed-link-liveboardSchedule.png[Embed link format]
 
 * Verify the `Unsubscribe` links in email notifications.
 
+
+
 ////
 == Limitations
 
 Currently, ThoughtSpot does not support customizing the **View Liveboard** URL in Liveboard schedule notifications.
+////

modules/ROOT/pages/data-report-v2-api.adoc

@@ -198,6 +198,11 @@ In the `POST` request body, specify the GUID or name of the Liveboard as `metada
 The default `file_format` is CSV. For PDF and PNG file format, you can specify additional parameters to customize the page orientation and include or exclude the cover page, logo, footer text, and page numbers.
 For PNG file format, you can include cover page and filters.
 
+[NOTE]
+====
+The downloadable file returned in API response file is extensionless. You need to rename the downloaded file by typing in the relevant extension.
+====
+
 .**Example**
 [source,cURL]
 ----
@@ -276,6 +281,12 @@ curl -X POST \
 }'
 ----
 
+[NOTE]
+====
+* The downloadable file returned in API response file is extensionless. You need to rename the downloaded file by typing in the relevant extension.
+* HTML rendering is not supported for PDF exports of Answers with tables.
+====
+
 == Pagination settings for Data and Report APIs
 
 When you make REST API calls to some v2 Data endpoints to query data, the API may return many rows of data in response. By default, the following parameters are set in API requests to the v2 Data API endpoints: