GitHub user dosubot[bot] added a comment to the discussion: 404 Not Found When Calling `/api/v1/dashboard/:id/embedded` Despite Valid Login + CSRF
<!-- Answer --> You're exactly right—Superset's `/api/v1/dashboard/:slug/embedded` endpoint expects both a valid session cookie and a matching CSRF token for the authenticated user. If these don't match, Superset's middleware will silently return a 404, even if the dashboard and embedded record exist. This behavior isn't documented in detail, but it's enforced by the authentication and CSRF decorators at the framework level, not in the endpoint logic itself [see code](https://github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/superset/dashboards/api.py#L139-L1634). To avoid this, always call `/api/v1/security/csrf_token/` with the `Authorization` header after login, and persist the resulting session cookie and CSRF token for all subsequent requests. This flow is essential for embedded endpoints, which are stricter than some other API routes [community confirmation](https://github.com/apache/superset/discussions/33585). If you need to automate this, make sure your client handles cookie persistence and header management across requests. If you ever see a 404 from this endpoint despite everything else being correct, it's almost always a session/CSRF mismatch. <!-- Dosu Comment Footer --> *To reply, just mention [@dosu](https://go.dosu.dev/dosubot).* --- <sup>How did I do? [Good](https://app.dosu.dev/response-feedback/b0e7e199-cfa0-4e58-8816-afe7d085d826?feedback_type=great_response) | [Irrelevant](https://app.dosu.dev/response-feedback/b0e7e199-cfa0-4e58-8816-afe7d085d826?feedback_type=irrelevant_answer) | [Incorrect](https://app.dosu.dev/response-feedback/b0e7e199-cfa0-4e58-8816-afe7d085d826?feedback_type=incorrect_sources) | [Verbose](https://app.dosu.dev/response-feedback/b0e7e199-cfa0-4e58-8816-afe7d085d826?feedback_type=too_verbose) | [Hallucination](https://app.dosu.dev/response-feedback/b0e7e199-cfa0-4e58-8816-afe7d085d826?feedback_type=hallucination) | [Report 🐛](https://app.dosu.dev/response-feedback/b0e7e199-cfa0-4e58-8816-afe7d085d826?feedback_type=bug_report) | [Other](https://app.dosu.dev/response-feedback/b0e7e199-cfa0-4e58-8816-afe7d085d826?feedback_type=other)</sup> [](https://app.dosu.dev/a28d3c7e-a9d3-459e-9fb6-3a6f9ff4f357/ask?utm_source=github)& nbsp;[](https://go.dosu.dev/discord-bot) [](https://twitter.com/intent/tweet?text=%40dosu_ai%20helped%20me%20solve%20this%20issue!&url=https%3A//github.com/apache/superset/discussions/35997) GitHub link: https://github.com/apache/superset/discussions/35997#discussioncomment-14879332 ---- This is an automatically sent email for [email protected]. To unsubscribe, please send an email to: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
