Matomo iframe widgets report “For embedding widgets super user token auths are not allowed” but auth token is read-only

(Anyone who uses Stackoverflow, sorry for the cross-post, but I’ve not had any answers on there.)

We have started using Matomo for analytics on some of our web sites.

We’re experimenting with adding iframe widgets and graphs into particular parts of our Web app for certain authorised users. To do this we set up a read-only user in Matomo, and created an api auth key for it. We use this key as part of the request URL for the Matomo widgets.

This works fine for anyone who doesn’t have their own Matomo login, but for me it’s using my browser cookie to override the api auth key. When logged in to Matomo and trying to view the analytics, I get the following message:

This user has super user access. For embedding widgets super user token auths are not allowed.

To get rid of this message I have to log out of the Matomo dashboard first. Then the widgets work fine, using the api auth key.

This isn’t really ideal. Is there any way to have it be forced to use the key in the URL and not what’s in my cookie or browser?


This might be the same issue as this one:

Yes, thanks. I did end up reporting it to github, and we’ve merged it with the ticket you linked to.

Initially I thought I was doing something wrong, but it does look like it’s a bug.

1 Like