26.6.0.cl doc publication

modules/ROOT/pages/ai-integration-options.adoc

@@ -21,16 +21,16 @@ The primary ways to integrate ThoughtSpot analytics and AI into your environment
 All options allow using your existing ThoughtSpot data models, Liveboards, Answers, row-level and column-level security, and governance. The main differences are where the UI or conversation layer exists and who orchestrates the analytics workflow.
 ====
 
-=== ThoughtSpot MCP Server
+=== ThoughtSpot Spotter MCP Server
 
-ThoughtSpot xref:mcp-integration.adoc[MCP Server] exposes governed analytics as MCP tools and resources to AI agents and clients. The MCP Server can be integrated with your MCP client, agent, LLM, or application UI, allowing your users to explore ThoughtSpot's agentic capabilities within the context of your application.
+ThoughtSpot xref:mcp-integration.adoc[Spotter MCP Server] exposes governed analytics as MCP tools and resources to AI agents and clients. Spotter MCP Server can be integrated with your MCP client, agent, LLM, or application UI, allowing your users to explore ThoughtSpot's agentic capabilities within the context of your application.
 
-ThoughtSpot recommends using the MCP Server in these scenarios:
+ThoughtSpot recommends using Spotter MCP Server in these scenarios:
 
 * When you want to plug ThoughtSpot into AI agents and clients that already support MCP, such as Claude, ChatGPT, Gemini, IDEs, and custom MCP clients.
 * If you are building your own MCP-based chatbot or application, and want to call ThoughtSpot MCP tools behind a custom web experience.
 
-For more information, see the xref:mcp-integration.adoc[MCP Server] documentation.
+For more information, see the xref:mcp-integration.adoc[Spotter MCP Server] documentation.
 
 === Embedding Spotter in your app
 

modules/ROOT/pages/api-changelog.adoc

@@ -8,18 +8,77 @@
 
 This changelog lists only the changes introduced in the Visual Embed SDK. For information about new features and enhancements available for embedded analytics, see xref:whats-new.adoc[What's New].
 
+== Version 1.49.x, June 2026
+
+[width="100%" cols="1,4"]
+|====
+|[tag greenBackground]#NEW FEATURE# a|
+[discrete]
+===== Visual overrides for charts and tables
+The SDK introduces the `visualOverrides` object in `SearchViewConfig` and
+`AppViewConfig`, enabling embed developers to apply chart and table display
+customizations to the new answers from an embedded Search data interface at initialization time.
+
+The `visualOverrides` object provides the following customization controls to modify the chart and table display:
+
+* `legend`: control legend visibility, position, and color palette of charts.
+* `dataLabel` attribute for data labels and per-column label filters.
+* `display` attributes for such as regression line overlay and grid line visibility in charts and table themes and content density in tables.
+* `axis` property for axis name and label visibility and fixed y-axis range.
+* `columns` property for per-column series color and conditional formatting rules.
+* `updateMaskPaths` property for partial updates
+* `columns` property for column visibility, text wrapping, conditional formatting, and column summary in tables.
+
+For more information, see xref:viz-overrides.adoc[Visualization overrides].
+
+//|[tag greenBackground]#NEW FEATURE# a|
+//[discrete]
+//===== New charts library
+
+//The SDK introduces the `newChartsLibrary` parameter to enable the new Muze charting library in Liveboard and full application embedding.
+
+|[tag greenBackground]#NEW FEATURE# a|
+[discrete]
+===== Liveboard browser cache refresh
+
+The SDK introduces the following event IDs and action ID to support programmatic and user-triggered browser cache refresh for the Liveboard ChartViz containers. These APIs require `enableLiveboardDataCache` to be enabled in your embed configuration.
+
+Events::
+
+* `EmbedEvent.RefreshLiveboardBrowserCache` +
+Emitted when a user clicks the *Refresh* button in the Liveboard header to clear the browser cache.
+
+* `HostEvent.RefreshLiveboardBrowserCache` +
+Allows the host application to programmatically trigger a browser cache refresh for all  visualization containers on the embedded Liveboard.
+
+New action ID::
+
+* `Action.RefreshLiveboardBrowserCache` +
+Action ID to control the visibility of the *Refresh* button that clears the browser cache and fetches new data for Liveboard ChartViz containers.
+
+|[tag greenBackground]#NEW FEATURE# a|
+[discrete]
+===== Spotter file upload
+The SDK introduces the following configuration parameters in `SpotterChatViewConfig` to enable and control file uploads in the embedded Spotter chat interface.
+
+* `spotterFileUploadEnabled` +
+When set to `true`, enables the file upload feature in the Spotter chat panel.
+
+* `spotterFileUploadFileTypes` +
+Restricts the file types allowed for upload in the Spotter chat panel. Accepts a `SpotterFileUploadFileTypes` object.
+|====
+
+
 == Version 1.48.x, May 2026
 [width="100%" cols="1,4"]
 |====
 |[tag greenBackground]#NEW FEATURE# a|
 [discrete]
 ===== Liveboard embedding
-
 The SDK includes the following new features and enhancements in Liveboard embedding.
 
 Continuous Liveboard layout in PDF downloads [beta betaBackground]^Beta^::
 
-
 When set to `true`, the `isContinuousLiveboardPDFEnabled` enables the Liveboard tab to render on a single page that matches the exact UI layout you see in ThoughtSpot. This update addresses the issue where visualizations for PDF downloads were split across multiple A4 pages regardless of how they appear on screen. This feature is in beta and can be enabled by setting `isContinuousLiveboardPDFEnabled` to `true`.
 
 New events and action IDs;;
@@ -75,7 +134,7 @@ Note the following changes:
 EmbedEvent::
 
 * `EmbedEvent.Subscribed` +
-The SDK introduces the `EmbedEvent.Subscribed` to emit an event when a HostEvent listener is registered. You can use this event to safely dispatch host events during the initial load without race conditions.
+The SDK introduces the `EmbedEvent.Subscribed` to emit an event when a HostEvent listener is registered. You can use this event to  dispatch host events during the initial load without race conditions. This is particularly useful for Spotter, where host events such as `HostEvent.ResetSpotterConversation` may be triggered immediately after load.
 * `EmbedEvent.Error` +
 The `EmbedEvent.Error` now fires on HostEvent payload validation failures.
 * `EmbedEvent.ChangePersonalizedView` +
@@ -370,7 +429,7 @@ The Visual Embed SDK now supports runtime overrides in Spotter embed.
 * To apply runtime Parameters, use the `runtimeParameters` object.
 
 |[tag greenBackground]#NEW FEATURE# a|*PNG images in Liveboard schedule notifications* +
-To enable embedding PNG images of Liveboards in scheduled job notifications sent to subscribers, the SDK provides the `isPNGInScheduledEmailsEnabled` boolean parameter.  When set to true, scheduled emails will include a PNG image of the Liveboard.
+To enable embedding PNG images of Liveboards in scheduled job notifications sent to subscribers, the SDK provides the `isPNGInScheduledEmailsEnabled` boolean parameter. When set to true, scheduled emails will include a PNG image of the Liveboard.
 
 The SDK also provides the following action IDs:
 

modules/ROOT/pages/api-intercept.adoc

@@ -78,7 +78,7 @@ embed.on(EmbedEvent.OnBeforeGetVizDataIntercept,
 
 == Intercept specific requests or all API calls
 
-The API intercept feature lets you intercept API calls made by the embedded application,  modify or block requests, and provide custom responses before they are sent to the backend.
+The API intercept feature lets you intercept API calls made by the embedded application, modify or block requests, and provide custom responses before they are sent to the backend.
 
 To intercept API requests from specific URLs, specify one of the following values in the  `interceptUrls` array:
 

modules/ROOT/pages/authentication.adoc

@@ -87,13 +87,105 @@ Once the security rules are set, they are fixed for at least that user's session
 |||
 |===
 
+[#_enable_trusted]
+=== Configure trusted authentication
+To generate an access token, trusted authentication must be enabled on your ThoughtSpot instance.
+You can enable trusted authentication through the ThoughtSpot UI or the REST API v2.
+
+*Through the ThoughtSpot UI*
+
+The administrator must enable xref:trusted-auth-secret-key.adoc[Trusted authentication] on the
+*Develop* > *Customizations* > *Security settings* page.
+
+*Through the REST API v2*
+
+Before enabling trusted authentication through the REST API v2, check your existing
+authentication configuration.
+To retrieve the current authentication configuration at the
+cluster or Org level, send a request to the `POST /api/rest/2.0/auth/search` endpoint.
+
+==== Request parameters
+[width="100%" cols="1,4"]
+[options='header']
+|=====
+|Parameter|Description
+|`auth_type`
+|__String__. Type of authentication mechanism to configure. Currently, supports `TRUSTED_AUTH` only.
+
+|`scope`
+__Optional__
+|__String__. Select `CLUSTER` to retrieve only cluster-level settings, or `ORG` to retrieve only Org-level settings. If no selection is made, both cluster and Org-level settings are retrieved based on user permissions.
+|=====
+
+==== API request
+
+.cURL
+[source, cURL]
+----
+curl -X POST \
+--url 'https://{ThoughtSpot-host}/api/rest/2.0/auth/search'  \
+-H 'Accept: application/json' \
+-H 'Content-Type: application/json' \
+-H 'Authorization: Bearer {AUTH_TOKEN}'
+    {
+    "auth_type": "TRUSTED_AUTH"
+    }'
+----
+
+
+If trusted authentication is not enabled, you can enable or disable it at the cluster or Org level by sending a request to the `POST /api/rest/2.0/auth/configure` endpoint.
+
+
+=== Request parameters
+[width="100%" cols="1,4"]
+[options='header']
+|=====
+|Parameter|Description
+|`auth_type`
+|__String__. Type of authentication mechanism to configure. Currently, supports `TRUSTED_AUTH` only.
+
+|`cluster_preferences`
+__Optional__
+|__Nullable__. `ENABLE` or `DISABLE` authentication for the cluster. When enabled, a new token is generated if one does not exist. When disabled, the existing cluster-level access token is revoked.
+
+|`org_preferences`
+__Optional__
+|__Nullable__. `ENABLE` or `DISABLE` authentication for a particular Org.  When enabled, a new org-level access token is generated if one does not exist. When disabled, the existing org-level access token is revoked.
+
+|`org_identifier`
+
+|=====
+
+==== API request
+
+.cURL
+[source, cURL]
+----
+curl -X POST \
+--url 'https://{ThoughtSpot-host}/api/rest/2.0/auth/configure'  \
+-H 'Content-Type: application/json' \
+-H 'Authorization: Bearer {AUTH_TOKEN}
+    '{
+    "auth_type": "TRUSTED_AUTH",
+    "org_preferences": [
+        {
+        "org_identifier": "Test",
+        "auth_status": "ENABLED"
+        }
+        ]
+    }'
+----
+
+If the API request is successful, ThoughtSpot returns a 204 status code.
+
+
 [#_generate_a_full_access_token]
 === Generating a full access token
 To generate a full access token, send a `POST` request to the `/api/rest/2.0/auth/token/full` API endpoint with the required attributes.
 
 You can generate a token by providing a `username` and `password`, or by using a `secret_key`.
 
-To generate a `secret_key`, the administrator must enable xref:trusted-auth-secret-key.adoc[trusted authentication] on the **Develop** > **Customizations** > **Security Settings** page.
+To generate a `secret_key`, the administrator must enable xref:trusted-auth-secret-key.adoc[trusted authentication] on the **Develop** > **Customizations** > **Security Settings** page or through the APIs.
 
 After ThoughtSpot issues an authentication token, the user must include the token in the `Authorization` header of their subsequent API requests.
 
@@ -161,7 +253,7 @@ If the API request is successful, ThoughtSpot returns the authentication token t
 ==== API request with username and secret key
 To obtain an authentication token for a user, include `username` and `secret_key` in the API request. In a trusted authentication implementation, you can request tokens on behalf of users who require access to the ThoughtSpot content embedded in a third-party application.
 
-To request a token on behalf of another user, you need administrator privileges and a `secret key` that allows you to securely pass the authentication details of an embedded application user. The `secret key` is generated xref:trusted-auth-secret-key.adoc#trusted-auth-enable[when trusted authentication is enabled on a ThoughtSpot instance].
+To request a token on behalf of another user, you need administrator privileges and a `secret_key` that allows you to securely pass the authentication details of an embedded application user. The `secret_key` is generated xref:trusted-auth-secret-key.adoc#trusted-auth-enable[when trusted authentication is enabled on a ThoughtSpot instance].
 
 To get a trusted authentication token that grants full access to ThoughtSpot, send a `POST` request with `username`, `secret_key`, and other attributes to the `/api/rest/2.0/auth/token/full` endpoint:
 
@@ -172,7 +264,7 @@ To get a trusted authentication token that grants full access to ThoughtSpot, se
 |`username`
 |__String__. Username of the ThoughtSpot user. If the user is not available in ThoughtSpot, you can set the `auto_create` parameter to `true` to create a user just-in-time (JIT).
 |`secret_key`
-|__String__. The secret key string generated for your ThoughtSpot instance. The secret key is created xref:trusted-auth-secret-key.adoc#trusted-auth-enable[when trusted authentication is enabled] on your instance.
+|__String__. The `secret_key` string generated for your ThoughtSpot instance. The `secret_key` is created xref:trusted-auth-secret-key.adoc#trusted-auth-enable[when trusted authentication is enabled] on your instance.
 |`validity_time_in_sec` +
 __Optional__|__Integer__. Token expiry duration in seconds. The default duration is 300 seconds. You can set the token expiry duration to a higher value. API requests with an expired or invalid token result in an error. In such cases, REST clients must obtain a new token from ThoughtSpot and use it in their subsequent API calls.
 |`org_id` +
@@ -187,7 +279,7 @@ The following example shows the request body with `username` and `secret_key`:
 [source,cURL]
 ----
 curl -X POST \
-  --url 'https://stage-grapes-champagne.thoughtspotstaging.cloud/api/rest/2.0/auth/token/full'  \
+  --url 'https://{ThoughtSpot-Host}api/rest/2.0/auth/token/full'  \
   -H 'Accept: application/json' \
   -H 'Content-Type: application/json' \
   --data-raw '{
@@ -298,7 +390,7 @@ To get a token that grants `read-only` access to a specific metadata object, sen
 |__String__. Username of the ThoughtSpot user. If the user is not available in ThoughtSpot, you can set the `auto_create` parameter to `true` to create a user just-in-time (JIT).
 
 |`secret_key`
-|__String__. The secret key string generated for your ThoughtSpot instance. The secret key is created xref:trusted-auth-secret-key.adoc#trusted-auth-enable[when trusted authentication is enabled] on your instance.
+|__String__. The `secret_key` string generated for your ThoughtSpot instance. The `secret_key` is created xref:trusted-auth-secret-key.adoc#trusted-auth-enable[when trusted authentication is enabled] on your instance.
 
 |`object_id`
 |__String__. GUID of the ThoughtSpot object.
@@ -542,7 +634,7 @@ For cookie-based authentication, make an API call to the `/api/rest/2.0/auth/ses
 |__String__. The password of the user account.
 
 |`org_identifier`
-|__String__. Name or ID of the Org. If no Org ID is specified, the user will be logged into the Org context of their previous session.
+|__String__. Name or ID of the Org. If no Org ID is specified, the user is logged into the Org context of their previous session.
 
 |`remember_me`
 __Optional__
@@ -772,13 +864,5 @@ curl -X POST \
 
 If the API request is successful, ThoughtSpot returns a 204 status code and ends the user session.
 
-////
-==== Response codes
 
-[options="header", cols="2,4"]
-|===
-|HTTP status code|Description
-|**204**|The user is logged out of ThoughtSpot
-|**500**|Failed operation
-|===
-////
+