This isn't a technical question but one about best practices when using Metabase.
Gregory MS is a website built using a static site generator (Hugo). Some pages contain questions and dashboards, and the user can only download the data if I embed the dashboard with the embed token.
For example: https://gregory-ms.com/observatory/ocrelizumab/
From my perspective there isn't too much of a problem in sharing the token per se. Or is there some security issue I am missing?
So the example is using Public Sharing, not Signed Embedding.
Are you trying to do Signed Embedding? If yes, then the embedding secret should never be exposed to the end-user, so it would require some server-side function that generates the token for you.
yes that is exactly what I am trying to do.
In that case I need to think of some way to build the site and allow the visitors to view the embed. The site rebuilds every hour, would setting a 60 minute token be a good way to go about this?
@brunoamaral That's an option - I would probably do something like 70 minutes in case someone visits 2 seconds before the rebuild, then they can still browse for 10 minutes.