Merge pull request #306 from thoughtspot/main

10.8-0 doc publication

Author: ShashiSubramanya

gatsby-node.js

@@ -2,6 +2,7 @@ const fsExtra = require('fs-extra');
 const {
     DOC_NAV_PAGE_ID,
     NOT_FOUND_PAGE_ID,
+    VERSION_DROPDOWN,
 } = require('./src/configs/doc-configs');
 const { getDocLinkFromEdge } = require('./src/utils/gatsby-utils.js');
 
@@ -84,4 +85,22 @@ exports.createPages = async function ({ actions, graphql }) {
             });
         }
     });
+
+    VERSION_DROPDOWN.forEach((version) => {
+        if (version.link === ' ' || !version.iframeUrl) {
+            return;
+        }
+
+        const versionPath = version.link.startsWith('/')
+            ? version.link.substring(1)
+            : version.link;
+
+        actions.createPage({
+            path: `/${versionPath}`,
+            component: require.resolve(
+                './src/components/DevDocTemplate/index.tsx',
+            ),
+            context: { iframeUrl: version.iframeUrl },
+        });
+    });
 };

modules/ROOT/pages/3rd-party-script.adoc

@@ -0,0 +1,67 @@
+= Integrate external tools and allow custom scripts
+:toc: true
+:toclevels: 2
+
+:page-title: Integrate external tools and allow scripts
+:page-pageid: external-tool-script-integration
+:page-description: Security settings for embedding
+
+ThoughtSpot supports integrating third-party apps such as Mixpanel, Pendo, LogRocket, and more in your embed. If you are using third-party tools to track usage, trace, log, or onboard your application users, you can seamlessly integrate these tools with ThoughtSpot embed and add custom JavaScripts. This feature is disabled by default on ThoughtSpot instances. To enable this feature, contact ThoughtSpot Support.
+
+[IMPORTANT]
+====
+While ThoughtSpot allows the injection of custom JavaScripts, it is important to be aware of the associated security risks, particularly Cross-Site Scripting (XSS). XSS is a vulnerability that can enable malicious actors to inject and execute unauthorized scripts within a trusted environment. This can lead to data breaches, unauthorized access to user sessions, and compromised system integrity. ThoughtSpot strongly recommends reviewing security guidelines before activating this feature in your instances and exercising caution when integrating third-party tools into your embedded application.
+====
+
+== Security considerations
+
+Before requesting ThoughtSpot Support to enable this feature on your instance, do the following:
+
+* Review the security risks associated with custom-hosted scripts and understand the potential consequences of XSS attacks.
+* Implement security controls and measures to validate hosted scripts and mitigate potential vulnerabilities.
+
+== Feature enablement
+
+Enabling third-party tools on embed involves two steps:
+
+. Request for feature activation and provide the script details to ThoughtSpot Support
+. Adding the script sources to the CSP allowlist
+
+=== Request for feature enablement
+
+Create a ThoughtSpot Support ticket to enable the feature on your instance. In your request, specify the domain URLs that will host the scripts in your embedding environment.
+
+Wait for ThoughtSpot Support to validate, approve, and configure the URL for your instance. This step will ensure that only the trusted and vetted domains are allowed to run scripts in your application environment.
+
+=== Add script source to CSP allowlist
+After the script hosting URL is approved and configured by ThoughtSpot Support, you must add the JavaScript hosting domain to the CSP allowlist. This step requires administration privileges, so make sure you log in to ThoughtSpot with your administrator credentials.
+
+. In your ThoughtSpot application, navigate to *Develop* > *Customizations* > *Security Settings*.
+. If your instance has the Orgs feature enabled, ensure that you are in the *All Orgs* context.
+. On the *Security Settings* page, click *Edit* and turn on the *CSP script-src domains* toggle switch.
++
+[.widthAuto]
+[.bordered]
+image::./images/csp-script-domain.png[CSS script-src domain]
+. Add the script hosting domain.
+. Click *Save changes*.
+
+[NOTE]
+====
+* The *CSP script-src domains* section is visible to users with administrative privileges only if the third-party integration feature is enabled on your instance.
+* The *CSP script-src domains* cannot be enabled and configured at the Org level. When configured, this setting will apply to all the Orgs configured on your instance.
+====
+
+== Passing variables to the hosted script
+
+To pass variables to the customer's hosted script, Visual Embed SDK provides the `customVariablesForThirdPartyTools` parameter. The `customVariablesForThirdPartyTools` is an object containing the variables that you wish to pass to the customer’s hosted JavaScript. These may include private information such as credentials or keys. The hosted JavaScript will access these variables via the `window.tsEmbed` object.
+
+Developers can define this parameter in the **init()** function as shown in the following example. Once initialized, the JavaScript will run after the authentication is successfully completed in the ThoughtSpot Embed App.
+
+[source,JavaScript]
+----
+init({
+  //...
+  customVariablesForThirdPartyTools: { cloud: "123Basic" }
+});
+----

modules/ROOT/pages/api-auth-session.adoc

@@ -17,7 +17,7 @@ include::{path}/log-in-api.adoc[]
 A successful login returns a session cookie that can be used in your subsequent API calls. For more information, see xref:api-auth-session.adoc#sessionCookies[Session cookies for subsequent API calls].
 [NOTE]
 ====
-* If MFA [beta betaBackground]^Beta^ is enabled on your ThoughtSpot instance then basic authentication with only `username` and `password` will return an error.
+* If MFA is enabled on your ThoughtSpot instance then basic authentication with only `username` and `password` will return an error.
 Contact https://community.thoughtspot.com/customers/s/login/?ec=302&startURL=%2Fcustomers%2Fs%2Fcontactsupport[ThoughtSpot Support] for assistance.
 * Embedded users authenticating to ThoughtSpot with basic authentication are recommended to switch to `AuthType.TrustedAuthTokenCookieless`.
 * MFA can be enabled on your instance only if Identity and Access Management (IAMv2) is already enabled.

modules/ROOT/pages/api-changelog.adoc

@@ -8,6 +8,39 @@
 
 This changelog lists only the changes introduced in the Visual Embed SDK. For information about new features and enhancements available for embedded analytics, see xref:whats-new.adoc[What's New].
 
+
+== Version 1.37.0, April 2025
+
+[width="100%" cols="1,4"]
+|====
+|[tag greenBackground]#NEW FEATURE#  a|
+The SDK now provides the `customVariablesForThirdPartyTools` setting to pass custom variables when integrating third-party tools and running custom scripts in your embed. Developers can define this object in the **init()** function and add variables as key-value pair.
+This feature is available only if third-party integration is enabled on your instance and script hosting domain URL is added to the CSP allowlist.
+
+For more information, see xref:3rd-party-script.adoc[Integrate third-party tools and allow custom scripts].
+
+|[tag greenBackground]#NEW FEATURE#  a|
+You can now exclude search token string from the application URL by setting `excludeSearchTokenStringFromURL` to `true` in your embed with ThoughtSpot token-based Search or Search bar.
+
+|[tag greenBackground]#NEW FEATURE#  a| This version of the SDK supports the following embed and host events:
+
+Embed Events::
+
+* `EmbedEvent.TableVizRendered` +
+Emits when a table visualization is rendered in the ThoughtSpot embedded app. You can also use this event as a hook to trigger host events such as `HostEvent.TransformTableVizData` on the table visualization. For more information, see the link:https://developers.thoughtspot.com/docs/Enumeration_EmbedEvent#_tablevizrendered[SDK reference documentation].
+
+* `EmbedEvent.CreateLiveboard` +
+Emits when a Liveboard is created.
+
+Host Events::
+
+* `HostEvent.TransformTableVizData` +
+Triggers the table visualization re-render with the updated data. You can use this event in conjunction with `EmbedEvent.TableVizRendered` to apply the modifications to table visualization payload.
+
+* `HostEvent.Remove` +
+Triggers the *Delete* action on a Liveboard.
+|====
+
 == Version 1.36.0, February 2025
 
 [width="100%" cols="1,4"]

modules/ROOT/pages/authentication.adoc

@@ -20,7 +20,7 @@ In this method, a REST client sends the `username` and `password` to authenticat
 xref:authentication.adoc#trusted-auth-v2[Trusted authentication];;
 In this method, the REST client must send the `username` and `secret_key` in the API request to obtain an authentication token. The `secret_key` is generated if **Trusted authentication** is enabled on your ThoughtSpot instance.
 
-Multifactor authentication (MFA):: [beta betaBackground]^Beta^
+Multifactor authentication (MFA)::
 +
 ThoughtSpot now supports multifactor authentication (MFA) for environments using local authentication with Identity and Access Management (IAMv2). If MFA  is enabled on your ThoughtSpot instance,
 

modules/ROOT/pages/common/nav.adoc

@@ -13,6 +13,7 @@
 
 ** link:{{navprefix}}/embed-sdk-changelog[SDK and API changelog]
 *** link:{{navprefix}}/embed-sdk-changelog[Visual Embed changelog]
+*** link:{{navprefix}}/mobile-sdk-changelog[Mobile Embed SDK changelog]
 *** link:{{navprefix}}/rest-v1-changelog[REST API v1 changelog]
 *** link:{{navprefix}}/rest-v2-changelog[REST API v2 changelog]
 ** link:{{navprefix}}/deprecated-features[Deprecation announcements]
@@ -57,16 +58,23 @@
 
 * link:{{navprefix}}/getting-started[Embed ThoughtSpot]
 ** link:{{navprefix}}/getting-started[Quickstart Guide]
-** link:{{navprefix}}/tsembed[Embed a ThoughtSpot component]
-*** link:{{navprefix}}/embed-liveboard[Embed a Liveboard]
-*** link:{{navprefix}}/embed-a-viz[Embed a visualization]
-*** link:{{navprefix}}/full-embed[Embed full application]
-*** link:{{navprefix}}/search-embed[Embed search page]
-*** link:{{navprefix}}/embed-nls[Embed Natural Language Search]
-*** link:{{navprefix}}/embed-spotter[Embed Spotter]
-*** link:{{navprefix}}/embed-searchbar[Embed search bar]
+** link:{{navprefix}}/tsembed[Embed ThoughtSpot in Web app]
+*** Embed analytics
+**** link:{{navprefix}}/embed-liveboard[Embed a Liveboard]
+**** link:{{navprefix}}/embed-a-viz[Embed a visualization]
+*** Embed natural language search
+**** link:{{navprefix}}/embed-spotter[Embed Spotter]
+**** link:{{navprefix}}/tutorials/spotter/integrate-into-chatbot[Integrate Spotter interface into a Chatbot]
+**** link:{{navprefix}}/embed-nls[Embed Natural Language Search (legacy interface)]
+*** Embed full app experience
+**** link:{{navprefix}}/full-embed[Embed full app]
+**** link:{{navprefix}}/full-app-customize[Customize full application embedding]
+*** Embed token-based Search
+**** link:{{navprefix}}/search-embed[Embed Search]
+**** link:{{navprefix}}/embed-searchbar[Embed search bar]
 *** link:{{navprefix}}/react-app-embed[Embed with React components]
-
+** Embed ThoughtSpot in a mobile app
+*** link:{{navprefix}}/embed-ts-mobile-react-native[Embed using React Native SDK ^Beta^]
 ** Customize and integrate
 *** link:{{navprefix}}/style-customization[Customize UX and styles]
 **** link:{{navprefix}}/customize-style[Customize basic styles]
@@ -96,7 +104,6 @@
 ***** link:{{navprefix}}/custom-action-payload[Callback response payload]
 
 *** link:{{navprefix}}/in-app-navigation[Create dynamic menus and navigation]
-*** link:{{navprefix}}/full-app-customize[Customize full application embedding]
 *** link:{{navprefix}}/customize-links[Customize links]
 *** link:{{navprefix}}/set-locale[Customize locale]
 *** link:{{navprefix}}/custom-domain-config[Custom domain configuration]
@@ -143,6 +150,7 @@ include::generated/typedoc/CustomSideNav.adoc[]
 *** link:{{navprefix}}/prefetch[Prefetch static resources]
 *** link:{{navprefix}}/prerender[Prerender components]
 ** link:{{navprefix}}/security-settings[Security settings]
+*** link:{{navprefix}}/external-tool-script-integration[Integrate external tools and scripts]
 ** Other embedding methods
 *** link:{{navprefix}}/embed-without-sdk[Embed without SDK]
 *** link:{{navprefix}}/custom-viz-rest-api[Create a custom visualization]

modules/ROOT/pages/data-report-v2-api.adoc

@@ -81,7 +81,7 @@ curl -X POST \
 ----
 
 === Fetch Liveboard Data API
-To get data from a Liveboard object and its visualizations via `POST /api/rest/2.0/metadata/liveboard/data` endpoint, your user account must have the `DATADOWNLOADING` (*Can download Data*) privilege and at least view access to the Liveboard specified in the API request.
+To get data from a Liveboard object and its visualizations via `POST /api/rest/2.0/metadata/liveboard/data` endpoint, your user account must have at least view access to the Liveboard specified in the API request.
 
 The API request body must include the name or GUID of the Liveboard to fetch data. To get specific visualizations from a given Liveboard, add the names or GUIDs of the visualizations in the  `visualization_identifiers` array.
 
@@ -191,7 +191,7 @@ Download data from a saved Answer in PDF, PNG, CSV, or XLSX file format.
 
 === Liveboard Report API
 
-To download a Liveboard report via `/api/rest/2.0/report/liveboard` API, you need `DATADOWNLOADING` (*Can download Data*) privilege and at least view access to the Liveboard specified in the API request.
+To download a Liveboard report via `/api/rest/2.0/report/liveboard` API, you need at least view access to the Liveboard specified in the API request.
 
 In the `POST` request body, specify the GUID or name of the Liveboard as `metadata_identifier`. To download reports with specific visualizations, add GUIDs or names of the visualizations in the `visualization_identifiers`.
 
@@ -227,6 +227,59 @@ curl -X POST \
 }'
 ----
 
+==== Override filters
+
+If the Liveboard has filters applied and you want to override the filters before downloading the Liveboard, you can specify the filters in the `override_filters` array.
+
+[source,JSON]
+----
+curl -X POST \
+  --url 'https://{ThoughtSpot-Host}/api/rest/2.0/report/liveboard'  \
+  -H 'Content-Type: application/json' \
+  -H 'Authorization: Bearer {access-token}' \
+  --data-raw '{
+  "metadata_identifier": "9bd202f5-d431-44bf-9a07-b4f7be372125",
+  "file_format": "PNG",
+  "override_filters": [
+    {
+      "column_name": "Color",
+      "generic_filter": {
+        "op": "IN",
+        "values": [
+          "almond",
+          "turquoise"
+        ]
+      },
+      "negate": false
+    },
+    {
+      "column_name": "Commit Date",
+      "date_filter": {
+        "datePeriod": "HOUR",
+        "number": 3,
+        "type": "LAST_N_PERIOD",
+        "op": "EQ"
+      }
+    },
+    {
+      "column_name": "Sales",
+      "generic_filter": {
+        "op": "BW_INC",
+        "values": [
+          "100000",
+          "70000"
+        ]
+      },
+      "negate": true
+    }
+  ],
+  "png_options": {
+    "include_cover_page": true,
+    "include_filter_page": true
+  }
+}'
+----
+
 [#transient-lb-content]
 ==== Liveboard data with unsaved changes
 
@@ -258,7 +311,7 @@ See also, link:https://developers.thoughtspot.com/docs/Enumeration_HostEvent#_ge
 
 === Answer Report API
 
-To download Answer data via `/api/rest/2.0/report/answer` API, you need `DATADOWNLOADING` privilege and at least view access to the saved Answer.
+To download Answer data via `/api/rest/2.0/report/answer` API, you need at least view access to the saved Answer.
 
 In the request body, specify the GUID or name of the Answer object as `metadata_identifier`.
 

modules/ROOT/pages/deprecated-features.adoc

@@ -10,16 +10,19 @@ As ThoughtSpot applications evolve, some existing features will be deprecated an
 
 == Deprecated features
 
-[width="100%" cols="4,5,2,4"]
+[width="100%" cols="4,5,4,4"]
 [options='header']
 |=====
-|Feature|Impacted interface and release versions|Deprecation announcement date|Deprecation date
+|Feature|Impacted interface and release versions|Deprecation date |End of Support / removal from the product
+a|xref:deprecated-features.adoc#SageDeprecationNotice[Sage Search and Ask Sage] a|
+* ThoughtSpot Cloud 10.13.0.cl and later
+* Visual Embed SDK version 1.40.0 and later
+| September 2025 | September 2025
 a|xref:deprecated-features.adoc#connectionAPIs[Delete and update connection API v2 endpoints]
 
 a|REST API v2 +
 
-* ThoughtSpot Cloud 10.4.0.cl and later|November 2024 a| *Deprecated in*: November 2024 +
-*End of support*: September 2025
+* ThoughtSpot Cloud 10.4.0.cl and later|November 2024 a| September 2025
 
 |xref:deprecated-features.adoc#IAMv1[IAMv1] a|
 
@@ -41,7 +44,6 @@ a|REST API v2 +
 * ThoughtSpot Software 10.1.0.sw and later|February 2024| August 2024
 |xref:deprecated-features.adoc#_page_title_customization[Page title customization] a|Application UI +
 
-
 * ThoughtSpot Cloud 10.1.0.cl and later
 * ThoughtSpot Software 10.1.0.sw and later|February 2024| August 2024
 |xref:deprecated-features.adoc#_application_background_customization_via_ui[Application Background style customization] a|Application UI +
@@ -71,6 +73,27 @@ a|xref:deprecated-features.adoc#_deprecated_parameter_in_rest_api_v2_0_authentic
 ||||
 |=====
 
+[#SageDeprecationNotice]
+== Sage and Ask Sage deprecation
+
+The Sage Search (the legacy Natural Language Search interface) and *Ask Sage* features will be deprecated in version 10.13.0.cl, which is scheduled for release in September 2025.
+Along with this, the xref:SageEmbed.adoc[SageEmbed] library in the Visual Embed SDK will also be deprecated.
+
+//with no new enhancements or bug fixes supported after July 2025.
+
+Impact on your instance::
+This change will impact all ThoughtSpot instances and applications that use the xref:embed-nls.adoc[Natural Language Search (legacy) interface embedded using the SageEmbed] library in Visual Embed SDK.
+
+Recommended action::
+Customers using the legacy Natural Language Search interface and *Ask Sage* in their embedding applications are advised to upgrade to Spotter. We recommend that you start using Spotter by the 10.11.0.cl release (July 2025), so that you have sufficient time to test your rollout. +
+Spotter provides advanced natural language search capabilities and a conversational interface to allow users to interact with the AI analyst and ask follow-up questions. To know more about Spotter and learn how to embed Spotter in your embedding application, refer to the following documentation:
+
+* link:https://www.thoughtspot.com/product/ai-analyst[About Spotter, window=_blank]
+* xref:embed-spotter.adoc[How to embed Spotter]
+* link:https://docs.thoughtspot.com/cloud/latest/spotter[How to use Spotter, window=_blank]
++
+For additional queries and assistance, contact ThoughtSpot Support.
+
 [#connectionAPIs]
 == Delete and update connection API v2 endpoints
 The following Connection API v2 endpoints are deprecated and will be removed from the product in September 2025: +
@@ -225,7 +248,7 @@ Effective from::
 * ThoughtSpot Cloud 8.8.0.cl
 * ThoughtSpot Software 9.0.1.sw
 
-=== Recommended action::
+=== Recommended action
 Use the new version of REST API v2.0 endpoints and SDK versions available for these endpoints. For more information, see xref:rest-api-sdk-libraries.adoc[REST API v2.0 SDKs].
 
 ==== Documentation

modules/ROOT/pages/embed-authentication.adoc

@@ -68,7 +68,7 @@ a| Do not use this method if you don’t want the SDK to redirect your entire ap
 * If you want to use local authentication with ThoughtSpot `username` and `password`.
 * If you are developing or testing code for embedding ThoughtSpot in your host app. a|
 * Do not use this authentication method in production environments. +
-* This authentication will fail if multifactor authentication (MFA) [beta betaBackground]^Beta^ is enabled on your ThoughtSpot instance. Contact https://community.thoughtspot.com/customers/s/login/?ec=302&startURL=%2Fcustomers%2Fs%2Fcontactsupport[ThoughtSpot Support] for assistance.
+* This authentication will fail if multifactor authentication (MFA) is enabled on your ThoughtSpot instance. Contact https://community.thoughtspot.com/customers/s/login/?ec=302&startURL=%2Fcustomers%2Fs%2Fcontactsupport[ThoughtSpot Support] for assistance.
 |=====
 
 == User accounts