
Security and authorization guide

This tutorial describes how to configure data access security in Flexmonster Data Server used as a console application. For instructions on managing security in the Data Server installed as a Windows/Unix service, see this guide.

Flexmonster Data Server supports different essential security configurations, such as built-in basic authorization and HTTPS. To learn more about security configurations in the Data Server, see the following guides:

Built-in basic authorization

By default, Flexmonster Data Server is accessible to anyone who can reach its host. Using the built-in basic authorization, you can restrict access to Flexmonster Data Server.

Step 1. Create a user

The flexmonster-data-server.exe file provides the setup-users command, which allows creating new users and managing them. Run the following command in the console to create a new user:

On Windows

flexmonster-data-server.exe setup-users add <username> 

On macOS and Ubuntu/Linux

./flexmonster-data-server setup-users add <username>

Here, <username> is the name of the created user.

Then you will be prompted to create and confirm the password for the user.

With the setup-users command, it is possible to see all created users, change the password for a user, and delete a user. Run the following command in the console to learn more about user management:

On Windows

flexmonster-data-server.exe setup-users --help

On macOS and Ubuntu/Linux

./flexmonster-data-server setup-users --help

Step 2. Enable authorization

In the flexmonster-config.json file, enable the authorization by setting the "Enabled" property of the "Authorization" object to true:

"Security": {
    "Authorization": {
        "Enabled": true
    }
}

Step 3. Configure CORS

Basic Authorization requires certain origins to be defined in the Access-Control-Allow-Origin header. Origin is a domain that sends requests to Flexmonster Data Server (e.g., http://localhost:8080 or

To allow the origin to send requests to the Data Server, specify the "AllowOrigin" property in the flexmonster-config.json file:

"Security": {
    "CORS": {
        "AllowOrigin": "http://localhost:8080"
    }
}

Several origins must be defined as follows:

"AllowOrigin": "http://localhost:8080,"

Step 4. Configure credentials on the client side

In this step, credentials are configured in Flexmonster Pivot. There are two ways to configure credentials:

  1. Use the withCredentials property:
    dataSource: {
        type: "api",
        url: "http://localhost:9500",
        index: "data",
        withCredentials: true
    }
    In this case, you need to enter your login and password when first connecting to Flexmonster Data Server.
  2. Add a request header with basic authentication. The header should be added in the following way:
    dataSource: {
        type: "api",
        url: "http://localhost:9500",
        index: "data",
        requestHeaders: {
            "Authorization": "Basic QWxhZGRpbjpPcGVuU2VzYW1l"
        }
    }

    The header should be specified in the standard format for basic authentication.
    In this case, the authorization will be automatic, and the browser will not ask for the login and password.

Configure the HTTPS protocol

Data sent over HTTP is not encrypted and can be inspected. To make the Data Server more secure, we added an option to enable the HTTPS protocol. Follow the steps below to configure a secure HTTPS connection.

Step 1. Enable the HTTPS protocol

To enable the HTTPS protocol, set the "Enabled" property of the "HTTPS" object to true in the flexmonster-config.json file:

"HTTPS": {
    "Enabled": true
}

Step 2. (optional) Add a certificate

There is an option to add an SSL/TLS certificate. The certificate can be added with either the Path-Password Object or the Subject-Store Object. Each of them has different properties.

To add the certificate with the Path-Password Object, specify the path to the certificate and the password required to access it:

"HTTPS": {
    "Enabled": true,
    "Certificate": {
        "Path": "sampleCert.pfx",
        "Password": "samplePassword"
    }
}

Flexmonster Data Server supports only .pfx certificates.

To add the certificate with the Subject-Store Object, the following properties should be specified:

  1. In the "Certificate" object, specify the certificate subject name and the certificate store from which to load the certificate:
    "HTTPS": {
        "Enabled": true,
        "Certificate": {
            "Subject": "localhost",
            "Store": "My"
        }
    }
  2. (optional) Specify the location of the store from which to load the certificate. Skip this step if the needed location is "CurrentUser", since the default value of the location is "CurrentUser". Otherwise, set the "Location" property to "LocalMachine":
    "HTTPS": {
        "Enabled": true,
        "Certificate": {
            "Subject": "localhost",
            "Store": "My",
            "Location": "LocalMachine"
        }
    }
  3. (optional) To allow using invalid certificates, such as self-signed certificates, set the "AllowInvalid" property to true:
    "HTTPS": {
        "Enabled": true,
        "Certificate": {
            "Subject": "localhost",
            "Store": "My",
            "Location": "LocalMachine",
            "AllowInvalid": true
        }
    }

Step 3. (optional) Configure the protocols

The "Protocols" property establishes the HTTP protocols enabled on a connection endpoint or for the server. The "Protocols" property can be one of the following values: "Http1", "Http2", and "Http1AndHttp2". For example:

"HTTPS": {
    "Enabled": true,
    "Certificate": {
        "Path": "sampleCert.pfx",
        "Password": "samplePassword"
    },
    "Protocols": "Http2"
}

Step 4. (optional) Configure HSTS

The Strict-Transport-Security (HSTS) response header tells browsers that the site only accepts a connection through the HTTPS protocol. This makes the site usage more secure.

Configure HSTS for Flexmonster Data Server either via the "HSTS" property or via the "Headers" property.

Via the "HSTS" property

If HSTS is configured via the "HSTS" property, it will be automatically added to all the Data Server’s responses:

"Security": {
    "HSTS": {
        "MaxAge": 31536000,
        "IncludeSubDomains": true
    }
}

Via the "Headers" property

If HSTS is configured via the "Headers" property, it will be returned only with a response to XHR:

"Security": {
    "Headers": {
        "Strict-Transport-Security": "max-age=31536000; includeSubDomains"
    }
}

Learn more about the directives of HSTS in the MDN documentation.

Restart the Data Server to apply the configurations. Now, the HTTPS protocol will be used instead of HTTP.
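
To review a flexmonster-config.json against the authorization, CORS, HTTPS and HSTS settings described above, the following added example (not Flexmonster code) audits a parsed config object. It assumes "HTTPS" is a top-level object and "Security" holds the other objects, as the snippets on this page show; the function name, finding identifiers and sample config are constructed for illustration.

```javascript
// Added example, not Flexmonster code. Audits a parsed flexmonster-config.json
// for the settings covered in this guide. Assumption: "HTTPS" is top-level and
// "Security" holds Authorization, CORS, HSTS and Headers.
function auditDataServerConfig(config) {
  const findings = [];
  const flag = (id, detail) => findings.push({ id, detail });
  const security = config.Security || {};
  const https = config.HTTPS || {};
  const cert = https.Certificate || {};
  const authOn = !!security.Authorization && security.Authorization.Enabled === true;

  if (!authOn) {
    flag("AUTH_DISABLED", "anyone who can reach the host can query the data");
  }
  if (https.Enabled !== true) {
    flag("HTTPS_DISABLED", "data and Basic credentials are sent unencrypted");
  }
  // "AllowOrigin" is a comma-separated list of origins.
  const origins = String((security.CORS || {}).AllowOrigin || "")
    .split(",").map((o) => o.trim()).filter(Boolean);
  if (authOn && origins.length === 0) {
    flag("CORS_UNSET", "Basic authorization needs explicit origins");
  } else if (origins.includes("*")) {
    flag("CORS_WILDCARD", "browsers reject '*' for credentialed requests");
  }
  if (cert.AllowInvalid === true) {
    flag("CERT_ALLOW_INVALID", "invalid or self-signed certificates are accepted");
  }
  if (typeof cert.Password === "string" && cert.Password !== "") {
    flag("CERT_PASSWORD_IN_FILE", "set it via argument or environment variable");
  }
  const hstsHeader = (security.Headers || {})["Strict-Transport-Security"];
  const hstsMaxAge = (security.HSTS || {}).MaxAge;
  if (https.Enabled === true && !(hstsMaxAge > 0) && !hstsHeader) {
    flag("HSTS_MISSING", "add Security.HSTS or a Strict-Transport-Security header");
  }
  return findings;
}

// Constructed sample: authorization on, but plain HTTP and no CORS origins.
const SAMPLE_CONFIG = {
  Security: { Authorization: { Enabled: true } },
  HTTPS: { Enabled: false },
};
console.log(auditDataServerConfig(SAMPLE_CONFIG).map((f) => f.id).join(", "));
```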

Reverse proxy authorization

If you need to use your own authorization mechanism, you can restrict the public access to Flexmonster Data Server and enable access to it through the reverse proxy. This approach requires implementing the proxy, which is responsible for the data access control. The proxy will decide which requests should be accepted and passed to the Data Server, and which requests should be declined.

The proxy has to implement the custom data source API to handle requests from Flexmonster Pivot. Then the proxy will be able to redirect Flexmonster Pivot’s requests to the Data Server. To see the full list of requests sent by Flexmonster Pivot, refer to our documentation.

Custom authorization and role-based permissions

Role-based access is supported when using Flexmonster Data Server as a DLL. Flexmonster.DataServer.Core.dll allows performing server-side filtering, so it becomes possible to show different subsets of the data to different user groups.

To demonstrate the usage of server-side filtering for role-based permissions, we created an ASP.NET application with a custom server using Flexmonster.DataServer.Core.dll. The GitHub repository contains a solution file DemoDataServerCore.sln, so the sample can be opened and launched via Visual Studio.

To start the sample application from the console, run the following commands:

cd DemoDataServerCore
dotnet restore
dotnet run

To see the result, open http://localhost:5000/ in the browser.

On the page, there is the pivot table and the drop-down menu. Select a role from the menu to see how it affects the data shown in Flexmonster.

To see how the server-side filtering is implemented in the sample server, refer to the FlexmonsterAPIController.cs file.

To learn more about the server filter, see the Implementing the server filter guide.

Secure configuration setting

To store connection strings and other configurations more securely, set them dynamically as command-line arguments or environment variables. For details on passing dynamic configurations to the Data Server, see the configurations reference.
