Tableau Extensions Settings Methods
Tableau extensions settings control which dashboard extensions are allowed to run on a Tableau Server, and on a site on Server or Cloud.
Server rules have the form of a "blocklist" that contains domain names. Site rules consist of a "safelist" that contains extension URLs. If a domain is on a server's blocklist, then no extension under that domain can run on that server. If the URL of an extension is not on the safelist for a site, then that extension cannot run on that site. The server blocklist takes precedence, so if the domain of an extension URL is on the server blocklist it is not allowed on a site even if that extension's URL is on the site safelist.
Server rules have the form of a "blocklist" that contains domain names. Site rules consist of a "safelist" that contains extension URLs. If a domain is on a server's blocklist, then no extension under that domain can run on that server. If the URL of an extension is not on the safelist for a site, then that extension cannot run on that site. The server blocklist takes precedence, so if the domain of an extension URL is on the server blocklist it is not allowed on a site even if that extension's URL is on the site safelist.
Using the site methods of the Tableau Server REST API you can:
- Enable or disable dashboard extensions at the site or server level
- List the dashboard settings of a site or server
This functionality relates to the UI elements and concepts described at: Sites Overview(Link opens in a new window).
List Tableau extensions server settings
Lists the settings for extensions of a server.
Version: Available in API 3.21 (Tableau Server 2023.3) and later. Not available for Tableau Cloud. Version Overview(Link opens in a new window)
License: No additional license required.
Permissions: This method can only be called by users with server administrator permissions. Permissions Overview(Link opens in a new window)
JWT Access Scope: Not available.
URI
GET /api/api-version/settings/extensions
URI Parameter Values
| api-version | The version of the API to use, such as 3.22. For more information, see REST API and Resource Versions.
|
Request Body
None
cURL Request Example
curl --location http://MY-SERVER/api/3.22/settings/extensions" --header "X-Tableau-Auth: SBGBfOYRSN2JoFe866wpIg|hLI0ZzWmK3xfMtwD8WoztCMqfWaFdcCj|a946d998-2ead-4894-bb50-1054a91dcab3"
Response Code
200
Response Body
Errors
| HTTP status | error Code |
Condition | Details |
|---|---|---|---|
| 400 | 400000 | Bad Request | The content of the request body is missing or incomplete, or contains malformed XML. |
| 401 | 401002 | Unauthorized Access | The authentication token provided in the request header was invalid or has expired. |
| 403 | 403000 | Non-admin access forbidden | The client attempted to access an API method while signed in as a non-administrator user. |
| 404 | 404000 | Bad Request | The requested resource could not be found. |
| 500 | 500000 | Internal Server Error | The request could not be completed. |
For more information, see Handling Errors.
List Tableau extensions site settings
Lists the settings for extensions of a site.
Version: Available in API 3.21 (Tableau Cloud June 2023 / Tableau Server 2023.3) and later. Version Overview(Link opens in a new window)
License: No additional license required.
Permissions: This method can only be called by users with site or server administrator permissions. Permissions Overview(Link opens in a new window)
JWT Access Scope: Not available.
URI
GET /api/api-version/sites/site-luid/settings/extensions
URI Parameter Values
| api-version | The version of the API to use, such as 3.22. For more information, see REST API and Resource Versions.
|
| site-luid | The LUID for the site. |
Request Body
None
cURL Request Example
curl --location "http://MY-SERVER/api/3.22/sites/a946d998-2ead-4894-bb50-1054a91dcab3/settings/extensions " --header "X-Tableau-Auth: SBGBfOYRSN2JoFe866wpIg|hLI0ZzWmK3xfMtwD8WoztCMqfWaFdcCj|a946d998-2ead-4894-bb50-1054a91dcab3"
Response Code
200
Response Body
<tsResponse>
<extensionsSiteSettings>
<extensionsEnabled>true</extensionsEnabled>
<useDefaultSetting>false</useDefaultSetting>
<safeList>
<url>http://localhost:9123/Dynamic.html</url>
<fullDataAllowed>true</fullDataAllowed>
<promptNeeded>true</promptNeeded>
</safeList>
</extensionsSiteSettings>
</tsResponse>{
"extensionsEnabled": "true",
"useDefaultSetting": "false",
"safeList": {
"url": "http://localhost:9123/Dynamic.html",
"fullDataAllowed": "true",
"promptNeeded": "true"
}
}Errors
| HTTP status | error Code |
Condition | Details |
|---|---|---|---|
| 400 | 400000 | Bad Request | The content of the request body is missing or incomplete, or contains malformed XML. |
| 401 | 401002 | Unauthorized Access | The authentication token provided in the request header was invalid or has expired. |
| 403 | 403000 | Non-admin access forbidden | The client attempted to access an API method while signed in as a non-administrator user. |
| 404 | 404000 | Site Not Found | The site ID in the URI doesn't correspond to an existing site. |
| 500 | 500000 | Internal Server Error | The request could not be completed. |
For more information, see Handling Errors.
Update Tableau extensions server settings
Updates the settings for extensions of a server.
Version: Available in API 3.21 ( Tableau Server 2023.3) and later. Not available for Tableau Cloud. Version Overview(Link opens in a new window)
License: No additional license required.
Permissions: This method can only be called by users with server administrator permissions. Permissions Overview(Link opens in a new window)
JWT Access Scope: Not available.
URI
PUT /api/api-version/settings/extensions
URI Parameter Values
| api-version | The version of the API to use, such as 3.22. For more information, see REST API and Resource Versions.
|
Request Body
<tsRequest>
<extensionsServerSettings>
<extensionsGloballyEnabled>true</extensionsGloballyEnabled>
<blockList>https://test.com</blockList>
</extensionsServerSettings>
</tsRequest>
{
"extensionsServerSettings": {
"extensionsGloballyEnabled": "true",
"blockList": "https://test.com"
}
}Request Attributes
extensionsEnabled
|
Required. Boolean. If |
blocklist
|
(Optional) Array. A list of domains that are not allowed to serve extensions to the Tableau Server. Domains are in the form of
(Optional) String. The URL of the extension you want to from the server. |
cURL Request Example
curl --location --request PUT "http://MY-SERVER/api/3.22/settings/extensions" --header "Content-Type: application/xml" --header "X-Tableau-Auth: YqB9_MHoTHO26HGsFBFEBg|bQDOIH4MsqFGvUDYTrRYh633vrZHBt6d|a946d998-2ead-4894-bb50-1054a91dcab3" --data "
Response Code
200
Response Body
Errors
| HTTP status | error Code |
Condition | Details |
|---|---|---|---|
| 400 | 400000 | Bad Request | The content of the request body is missing or incomplete, or contains malformed XML. |
| 401 | 401002 | Unauthorized Access | The authentication token provided in the request header was invalid or has expired. |
| 403 | 403000 | Non-admin access forbidden | The client attempted to access an API method while signed in as a non-administrator user. |
| 404 | 404000 | Bad Request | The requested resource could not be found. |
| 500 | 500000 | Internal Server Error | The request could not be completed. |
For more information, see Handling Errors.
Update Tableau extensions site settings
Updates the settings for extensions of a site.
Version: Available in API 3.21 (Tableau Cloud June 2023 / Tableau Server 2023.3) and later. Version Overview(Link opens in a new window)
License: No additional license required.
Permissions: This method can only be called by users with site or server administrator. Permissions Overview(Link opens in a new window)
JWT Access Scope: Not available.
URI
PUT /api/api-version/sites/site-luid/settings/extensions
URI Parameter Values
| api-version | The version of the API to use, such as 3.22. For more information, see REST API and Resource Versions.
|
| site-luid | The LUID for the site. |
Request Body
<tsRequest>
<extensionsSiteSettings>
<extensionsEnabled>true</extensionsEnabled>
<useDefaultSetting>false</useDefaultSetting>
<safeList>
<url>http://localhost:9123/Dynamic.html</url>
<fullDataAllowed>true</fullDataAllowed>
<promptNeeded>true</promptNeeded>
</safeList>
</extensionsSiteSettings>
</tsRequest>
{
"extensionsSiteSettings": {
"extensionsEnabled": "true",
"useDefaultSetting": "false",
"safeList": {
"url": "http://localhost:9123/Dynamic.html",
"fullDataAllowed": "true",
"promptNeeded": "true"
}
}
}Request Attributes
extensionsEnabled
|
Required. Boolean. If true, extensions are allowed to run on the site. If false, no extensions are aloowed to run on the site even if their URL is in the site safelist. |
useDefaultSetting
|
(Optional) Boolean. If extensions are enabled on the server, the default settings allow extensions to run on a site, provided the extension is not specifically blocked on the server. |
safeList url
|
(Optional) Array. The list of URLs of the extensions allow to run on the site. An extension permissions to run an a site are also dependent on the domain of the URL not being present on the server blocklist, and server and site extension enablement being Note that updating the safelist replaces the existing list with the new list. If you want to add a URL to the existing list, you must also include the existing URLs in the new list. |
safeList fullDataAllowed
|
(Optional) Boolean. Set to true to allow the extension full access to the underlying data. By default, when you add an extension to the safe list, the extension only has access to the summary (or aggregated) data. Many extensions require full data access to function properly. |
safeList promptNeeded
|
(Optional) Boolean. The prompt tells users details about the extension and whether the extension has access to full data. Set to true to give users the ability to allow or deny the extension from running. Set to false to hide this prompt from users, allowing the extension to run immediately. |
cURL Request Example
curl --location --request PUT http://MY-SERVER/api/3.22/sites/a946d998-2ead-4894-bb50-1054a91dcab3/settings/extensions " --header "Content-Type: application/xml" --header "X-Tableau-Auth: YqB9_MHoTHO26HGsFBFEBg|bQDOIH4MsqFGvUDYTrRYh633vrZHBt6d|a946d998-2ead-4894-bb50-1054a91dcab3" --data "
Response Code
200
Response Body
<tsResponse>
<extensionsSiteSettings>
<extensionsEnabled>true</extensionsEnabled>
<useDefaultSetting>false</useDefaultSetting>
<safeList>
<url>http://localhost:9123/Dynamic.html</url>
<fullDataAllowed>true</fullDataAllowed>
<promptNeeded>true</promptNeeded>
</safeList>
</extensionsSiteSettings>
</tsResponse>{
"extensionsSiteSettings": {
"extensionsEnabled": "true",
"useDefaultSetting": "false",
"safeList": {
"url": "http://localhost:9123/Dynamic.html",
"fullDataAllowed": "true",
"promptNeeded": "true"
}
}
}Errors
| HTTP status | error Code |
Condition | Details |
|---|---|---|---|
| 400 | 400000 | Bad Request | The content of the request body is missing or incomplete, or contains malformed XML. |
| 401 | 401002 | Unauthorized Access | The authentication token provided in the request header was invalid or has expired. |
| 403 | 403000 | Non-admin access forbidden | The client attempted to access an API method while signed in as a non-administrator user. |
| 404 | 404000 | Site Not Found | The site ID in the URI doesn't correspond to an existing site. |
| 500 | 500000 | Internal Server Error | The request could not be completed. |
For more information, see Handling Errors.