Dashboards in iframe for customers without possibility to execute API requests

I would like to provide my customers with dashboards in an iframe without providing them with a Matomo Account. For this I have to add a token in the iframe.
Is it possible to block a token for API requests? Or is it possible to allow API requests only from a certain network?

I made the following settings in my .htaccess:


<Files "*">
    <If "(%{QUERY_STRING} =~ /^module\=API/)">
        Require ip 127.0.0.1 ::1
        Require ip 0.0.0.0
        Require ip myipaddress
        Require ip ipaddress of server where dashboard is displayed
    </If>
</Files>
<FilesMatch "(^piwik\.(php|js)|^matomo\.(php|js)|^container_.*\.js|robots\.txt|$
        Require all granted
</FilesMatch>

But now the dashboard in the iframe does not work anymore.

Is there another possibility?
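
How the <If> condition and Require ip list from the question classify requests, as an added example that is not part of the original post. Require ip is checked against the address of whoever sends the request, and a page shown in an iframe is fetched by the customer's browser, not by the server whose page embeds it. The sketch models only that one block (not Apache's section merging); every address, query string and TOKEN below is constructed.

```python
import ipaddress
import re

# Condition copied from the <If> line of the post. Apache's =~ is a regex
# search, so the leading ^ ties the match to the start of the query string.
API_QUERY = re.compile(r"^module\=API")

# The Require ip list. The last two addresses are constructed stand-ins for
# the placeholders in the post ("myipaddress" and the embedding server).
ALLOWED = [ipaddress.ip_network(n) for n in (
    "127.0.0.1", "::1", "0.0.0.0", "198.51.100.10", "203.0.113.20")]


def decide(client_ip, query_string):
    """Classify one request as 'allow', 'deny' or 'not-covered'."""
    if not API_QUERY.search(query_string):
        return "not-covered"  # the <If> block does not apply to this request
    addr = ipaddress.ip_address(client_ip)
    # Several Require lines with no container: one match is enough.
    hit = any(addr.version == net.version and addr in net for net in ALLOWED)
    return "allow" if hit else "deny"


# Constructed requests. Query strings are assumed shapes, TOKEN is a placeholder.
SAMPLES = [
    ("embedding server, API call", "203.0.113.20",
     "module=API&method=VisitsSummary.get&idSite=1&token_auth=TOKEN"),
    ("customer browser, API call", "192.0.2.55",
     "module=API&method=VisitsSummary.get&idSite=1&token_auth=TOKEN"),
    ("customer browser, module=API not first", "192.0.2.55",
     "token_auth=TOKEN&module=API&method=VisitsSummary.get&idSite=1"),
    ("customer browser, iframe page itself", "192.0.2.55",
     "module=Widgetize&action=iframe&idSite=1&token_auth=TOKEN"),
]


def classify_all():
    """Run every constructed sample through the rule."""
    return [(label, decide(ip, qs)) for label, ip, qs in SAMPLES]


if __name__ == "__main__":
    for label, verdict in classify_all():
        print(f"{verdict:12} {label}")
```

The second sample is the case that matters for an embedded dashboard: the request carries the customer's address, so the allow-list entry for the embedding server never applies to it.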