Using the undocumented Rest API: authentication and invocation of Tableau Server
April 24, 2013
, , , , ,


Most of us are bored with the tabcmd tool provided by Tableau. It only uses the 20% of the Tableau API and whenever you want to do something from your software you have to call it thru a command line interface. Not a nice solution in the age of webservices and restful APIs. The good news that you actually can use Tableau web services without tabcmd. It’s undocumented, but who cares if you know where to search for services.

Let’s check how the web services invocation works. In our example I would like to know the members of a give group without connecting the underlying database. Tabcmd does not have any option to return with user and group data (including object ownership, etc.), however, on Tableau Server the http://server_url/users.xml contains everything what I need. But how to grab it? The solution is to write a small class which

  1. Initializes a session inside Tableau Server
  2. Logs on with credentials using RSA assymmetric crypting (without sending clear text passwords on non-clear text channels)
  3. Invokes /users.xml URL

OK, how it looks like in details:

In order to log on to tableau securely, we should obtain an authenticity_token (acts like a cryptographic session identifier), and an RSA key (modulus+exponent). We can get by simply calling the http://server/auth.xml url. Most of the wgserver URLs accepts format parameter or .xml suffix, which indicates that the result should be returned as XML.


The second step is to call /auth/login.xml URL with our username, authenticity_token and encrypted password. The RSA public key returned with step 1 allows us to securely encrypt our password (single-way, assymetric encryption), thus no one except the server could decrypt it.

The function for encrypting passwords:

The third step is to call /users.xml (with persistent cookie information) and obtain the results:


And bang, we have the results. Also check the results from the step 1 (http response body), it mentions quite a lot undocumented API URLs — it’s a goldmine for the information hungry ones.

Full source code is here:

This post was originally published on the Tableau Developer Community Forums.

There is also an alternate method available, you can check it out here.

Looking for the JAVA approach? Click here.

Tamás Földi

Related items

/ You may check this items as well

sync frelard

Tableau Extensions Addons Introduction: Synchronized Scrollbars

At this year’s Tableau Conference, I tried t...

Read more

Tableau External Services API: Adding Haskell Expressions as Calculations

We all have our own Tableau Conference habits.  M...

Read more
Scaling Tableau Image

Scaling out Tableau Extracts – Building a distributed, multi-node MPP Hyper Cluster

Tableau Hyper Database (“Extract”) is ...

Read more