Dynamic cube config providers PivotData Microservice Documentation

Dynamic cube provides are specified in the appsettings.json file PivotDataService:CubeProviders section.

Very often data sources are not 'static' for all users and cannot be hardcoded in the appsettings.json file:

  • if your app is SaaS and each user has access only to his database (or table filtered by user's records)
  • cubes configuration are user-specific because of access control rules
  • data sources are configured by end-user in your main web app

In these cases cubes configuration can be provided to PivotData microservice dynamically by the main web application. Technically you can specify an URL and microservice will use it to load JSON configuration of cubes:

"PivotDataService": {
  "CubeProviders": [
        "Url": "http://localhost/mainapp/getschema?access_token=test123456789abc",
        "ForwardHeaders": ["Cookie"]

This URL should return a JSON with an array of cubes, for example:

  "Id": "accounts-elasticsearch",
  "Name": "Accounts from ElasticSearch sample dataset",
  "SourceType": "elasticsearch",
  "SourceElasticSearch": {
    "ConnectionUrl": "https://site:nxxr8qt7n26c7jwijhwg1ipnarf402yn@thorin-us-east-1.searchly.com",
    "Index": "bank"
  "InferSchema": true

Secure cube provider URL

There are 3 ways how you can secure an URL that provides cubes to PivotData microservice:

  1. simple: check some secret token (smth like access_token) passed as URL parameter; allow to access cube provider URL only from the server where microservice is hosted
  2. cookie-based: if microservice API is accessed from client-side on the same domain as main web app you can specify
    "ForwardHeaders": ["Cookie"]
    to forward cookies in a request to the cube provider URL. As result cube provider URL may use auth cookie as other URLs of your web app.
  3. JWT-based (recommended): if microservice API is secured with Json Web Token you can specify
    to forward JWT in a request to the cube provider URL. In the code that handles this request you may verify JWT signature and use payload data (claims) to get user's ID and other context that may be provided in JWT.

You can combine these approaches: say, (1) and (3) to guarantee that cube provider URL cannot be accessed from a web browser.

Integration Example

PivotData microservice package includes integration example of main web app (ASP.NET MVC Core), it is located in integration\AspNetMvcCore folder. To run it please follow steps from readme.txt.

  • cube provider URL is defined in pivotdataservice\appsettings.json. URL is secured in a simple way (with access_token parameter; user's context is passed with URL parameters (resolved from JWT claims).
  • code that handles cube provider URL: Controllers\HomeController.cs (GetCubeSchema method)