Build web solutions

Leveraging the Qlik platform in web solutions is increasingly popular. Often the goal is to use analytics; in other cases it is to manage deployments.

Some example use cases suitable for web applications:

  • Render visualizations from the Qlik Sense client on websites
  • Connect to the Qlik Associative Engine and create custom analytics
  • Create custom administration pages, for example to trigger reloads

Note: You need to have a web integration configured. See the Web integrations page for what this is and how to set one up.

Single sign-on

Before you can utilize the Qlik platform in your web solution, your web application user must be signed in. This is how that works:

  1. Validate that your user is signed in to your tenant: in your web application, send a request to, for example, https://your-tenant.us.qlikcloud.com/api/v1/users/me. If this succeeds, your user has a valid session and you may now interact with the platform.
  2. If the previous step failed (non-200 HTTP status code), you need to redirect your user to https://your-tenant.us.qlikcloud.com/login?returnto=<full address to your web application>&qlik-web-integration-id=xyz where they need to log in using the configured identity provider for the tenant. When it succeeds, they're redirected back to the returnto URL (your web application).

Cross-Site Request Forgery (CSRF)

The Qlik platform has counter-measures against Cross-Site Request Forgery (CSRF). Any web solution interacting with the platform needs to provide a valid CSRF token on all non-GET REST calls, including websocket connections.

Once a user is signed in, the CSRF token can be fetched by sending a request to /api/v1/csrf-token:

> GET /api/v1/csrf-token
> content-type: application/json
> cookie: ...

< HTTP/1.1 204
< qlik-csrf-token: xyz

Note: The CSRF token is returned as a header, not in the body of the HTTP response.

Once you have retrieved a CSRF token, it's valid until the user session ends. This token must be passed in as a header when doing REST calls (qlik-csrf-token: xyz), and in websocket connections it's passed in as a query parameter: ?qlik-csrf-token=xyz.
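
The sign-in check and CSRF token handling described above, as an added JavaScript example (not Qlik's own code). The tenant URL and web integration ID are the page's placeholders; the helper names, the injected `fetchImpl`, and the use of `credentials: 'include'` to send the session cookie are assumptions of this example.

```javascript
// Added example; helper names are illustrative. TENANT and WEB_INTEGRATION_ID
// are the page's placeholder values.
const TENANT = 'https://your-tenant.us.qlikcloud.com';
const WEB_INTEGRATION_ID = 'xyz';

// Resolve a path against the tenant and refuse any other origin, so the
// session cookie and CSRF token are never sent to a different host.
function tenantUrl(path, base = TENANT) {
  const u = new URL(path, base);
  if (u.origin !== new URL(base).origin) throw new Error(`not a tenant URL: ${path}`);
  return u;
}

// Sign-in step 2: login URL with returnto and the web integration id, both encoded.
function loginUrl(returnTo) {
  const u = tenantUrl('/login');
  u.searchParams.set('returnto', returnTo);
  u.searchParams.set('qlik-web-integration-id', WEB_INTEGRATION_ID);
  return u.toString();
}

// fetchImpl is injected so the flow can run offline; in a browser pass fetch.
async function connect(fetchImpl, returnTo) {
  const base = { credentials: 'include', headers: { 'content-type': 'application/json' } };
  // Sign-in step 1: a non-200 status means there is no valid session.
  const me = await fetchImpl(tenantUrl('/api/v1/users/me').toString(), base);
  if (me.status !== 200) return { redirect: loginUrl(returnTo) };

  // The token is in a response header; the 204 response has no body to parse.
  const res = await fetchImpl(tenantUrl('/api/v1/csrf-token').toString(), base);
  const token = res.headers.get('qlik-csrf-token');
  if (!token) throw new Error('no qlik-csrf-token header in response');

  return {
    // REST: the token goes in a header on every non-GET call.
    rest(path, init = {}) {
      const method = (init.method || 'GET').toUpperCase();
      const headers = { ...base.headers, ...init.headers };
      if (method !== 'GET') headers['qlik-csrf-token'] = token;
      return fetchImpl(tenantUrl(path).toString(), { ...init, ...base, method, headers });
    },
    // Websocket: the token goes in the query string instead.
    wsUrl(path) {
      const u = tenantUrl(path, TENANT.replace(/^https/, 'wss'));
      u.searchParams.set('qlik-csrf-token', token);
      return u.toString();
    },
  };
}
```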

Web apps

When the term "web apps" is used in the context of Qlik Sense, it means web-based applications in which you want to use the various Qlik backend APIs.

Generally this means:

  • you do not have to fetch any front-end files (CSS, JavaScript, etc.) from a Qlik deployment
  • you as the implementor may use any technology of your choice to build your solution
  • you want to build custom visualizations, analytical interfaces, or perhaps administration UIs

Mashups

In the Qlik world, "mashups" usually means using the Qlik Sense capability APIs and various other front-end files that are hosted by a Qlik deployment. By using those files you also get things like require.js, angular.js, and other dependencies, which may not always be optimal for your use case. However, the mashup approach enables you to embed existing Qlik Sense visualizations (or create new ones on the fly). Mashups are a subset of "web apps."