MENU
MySQL Reports

SRM Modules – Embed Manager

Easily embed reports, dashboards, and analytics into your PHP application with the SRM Embed Manager


The Smart Report Maker Embed Manager makes it easy to embed dashboards, reports, charts, KPIs, and pivot tables—created in SRM using your MySQL databases—directly into any PHP-based application, securely and without writing any code, while still preserving full interactivity. Your users can drill down, filter data, and export results directly from within your application.

Moreover, whether you’re embedding private resources for authenticated users or public resources for wider access, the Embed Manager gives you complete control over permissions, access rules, customization options, and display settings.



Benefits of the SRM Embed Manager

  • Full interactivity is preserved — including drill-down, filtering, exporting, and linked navigation.
  • No coding required — embed files are automatically generated for you.
  • Works with both public and private resources using different embed methods.
  • Secure access using Access Keys with permissions and origin restrictions.
  • Every access to private embedded resources is logged — you can view full access details in the Smart Report Maker logs under the Embed Manager.
  • Custom code support (headers, authentication, layout) via Embed Preferences.
  • Signed links and expiring embed tokens protect private content
  • Compatible with PHP apps, internal systems, portals, and frameworks
  • WordPress users can embed using the official SRM WordPress plugin

Key Features of the Embed Manager

Access Keys (Security Layer)

Smart Report Maker offers two types of Access Keys when embedding private resources:

🔹 1. Full Access Key

Grants access to all Smart Report Maker resources.

  • Best for testing or admin-level embedding
  • Not recommended for production because it has no restrictions
🔹 2. Limited Access Key ✅ (Recommended)

Grants access only to the resources assigned to a specific permission group (e.g., Sales, HR, Finance).

  • Ideal for security and role-based embedding
  • Prevents access to unrelated or sensitive resources
Origin Types (Where embedding is allowed)

When generating an embed file for private resources, you must define where the embed is allowed to load from:

🔹 1. Same Origin

Choose this when Smart Report Maker and your PHP application are hosted under the same domain.

  • No extra setup required
  • Example:
    • app.example.com and reports.example.com
    • localhost during development
🔹 2. Approved Origins ✅ (Recommended when on different domains)

Use this when your application is hosted on a different domain than SRM.

  • You specify the allowed origin(s), such as:
    • https://myapp.com
    • https://portal.company.net
  • Embedding will only work from the domains you whitelist
🔹 3. Any Origin

Allows embedding from any domain without restriction.

  • Useful for temporary demos or public resources
  • Not recommended for private or sensitive content

Time-Saving Embed Files

The Embed Manager generates ready-made PHP (or HTML) files containing:

  • Your selected resource
  • Custom code from preferences
  • Dimensions and settings
  • Correct Access Key configuration
  • Embed token expiration

You simply download the file and place it in your PHP project. No manual coding is required.

Embed Preferences

From the Embed Preferences page, you can define global settings that apply to every embed file you generate. This saves time and ensures consistency across multiple embedded resources.

  • No repeated editing inside each PHP file
  • Faster setup for multiple reports or dashboards
  • Consistent behavior across your application

Within the Embed Preferences, you can customize the following options:

1. Before-Embed PHP Code

Add custom PHP that runs before the embedded content loads.
Common use cases include:

  • Including your application’s header or layout
  • User authentication checks
  • Redirecting unauthorized users to your login page
  • Initializing session data or app variables

This is especially useful when embedding private resources across multiple files.

2. After-Embed Code

Add code that appears after the embedded content. Examples include:

  • Application footer
  • Closing layout wrappers
  • Additional JS or layout elements
  • Custom tracking or widgets
3. Embed Dimensions

Control how the resource is displayed by setting the width & height

4. Token Expiration Time

Define how long the embed token remains valid when accessing private resources.
You can set the duration in minutes to balance usability and security.

Full Feature Support After Embedding

Once embedded, your users can still:

  • Drill down
  • Filter
  • Export
  • Navigate linked resources
    —all from inside your own app.

Signed Links & Embed Tokens

Private resources are delivered through:

  • Signed requests using Access Keys
  • Temporary embed tokens with expiration
  • Optional origin whitelisting

This ensures only authorized applications can access embedded content.

WordPress Integration

If you’re embedding resources into WordPress, you can use the SRM WordPress plugin, which comes with the Embed Manager.

Access Control Log for Private Embeds

Every time a private resource is accessed through an embed, the action is automatically recorded. You can view all access activity directly from the “Access Control Log” inside the Embed Manager. This gives you full visibility over:

  • Which resource was accessed
  • Which Access Key was used
  • When the request occurred
  • From which origin it was triggered

This built-in logging feature adds an extra security layer and makes tracking and auditing private embeds effortless.


A screenshot from the Embed Manager of SRM

The Embed Manager of Smart Report Maker



Best Security Practices


To ensure safe and controlled embedding, follow the following recommendations:


1- Protect Private Embed Files with Your Application Login

For private embeds, make sure the embed files are placed in secured areas of your PHP application so they’re not accessed directly, but only by logged-in users. One way to enforce this is by adding your authentication check in the “Before Embed” section of the Embed Preferences. This ensures that each request is verified and any unauthorized user is redirected to your application’s login page before the resource loads. Since this code is added through the preferences, it will automatically apply to all embed files.

2- Restrict Access Keys to Approved Origins

When creating an Access Key, make sure embedding is restricted to trusted locations by choosing one of the following:

  • Approved Origins – select this option if your PHP application is hosted on a different domain. Then, add your application’s domain as an approved origin during Access Key setup.
  • Same Origin – choose this option if Smart Report Maker and your application are hosted on the same domain or subdomain. In this case, you don’t need to add any external origins.
3- Assign Access Keys to Specific Permission Groups

Avoid using full-access keys whenever possible. Instead, create a limited Access Key and assign it to a permission group (e.g., Sales, Finance, HR) that already has access to the specific resources you plan to embed.

Frequently Asked Questions (FAQ)


Q: Can the Embed Manager allow me to embed any resource into my own PHP applications?

A: Yes. You can embed any type of resource created in Smart Report Maker—such as reports, dashboards, charts, pivot tables, and KPIs—into your own PHP applications.

Q: Can users interact with embedded dashboards and reports, or are they static?

A: Embedded dashboards and reports are fully interactive. Users can use filtering, linked reports, drill-down, search, paging, and sorting, just as they would inside Smart Report Maker.

Q: Will SRM menus and panels be visible inside my application?

A: No. Only the embedded resources (reports, charts, dashboards, pivot tables, and KPIs) are displayed. SRM menus and panels are not shown, and you can brand the embedded content with your own logo.

Q: Can I restrict embedding so it works only within my own PHP applications?

A: Yes. You can restrict embedding by configuring the origin settings:

  • Use same-origin if Smart Report Maker and your application are hosted on the same website.
  • Use approved origins if they are hosted on different websites, and allow only your application’s domain.

Additionally, it is strongly recommended to use access keys that have permissions limited only to the specific resources you want to embed.

Q: If I have multiple clients or applications using a single SRM installation, how can I manage embedding for each one?

A: You can use a single Smart Report Maker installation to serve multiple applications or clients by creating a separate access key for each client or application. Each access key can:

  • Be restricted to specific resources
  • Be limited to the client’s website as an approved origin

Smart Report Maker also supports multiple database connections, allowing you to connect to and report on data from multiple sources within the same installation.

Q: Can I customize the embed scripts?

A: Yes. The embed script is a native PHP file and can be customized as needed. Clear comments in the file indicate where custom code can be safely added.
If you have shared code that should apply to all embedded resources, you can define it once in “Embed Preferences” under the “Embed Manager”, and it will be applied globally.

Related Links