Authenticate Qlik Sense in a nodeJS + express app on an external web host

Note: This is all my own opinion and in no way is endorsed by Qlik. Use at your own risk!!

Why would you want to do this?

ExpressJS is one of the most common frameworks used with nodeJS. You don’t need to use this to authenticate Qlik with a web application, you could just use the implementation explained in the NPM example at:

Any real world nodejs implementation is likely to be using express however, so this is using that module in a more common production environment. This will show you where to put the bits required to authenticate a mashup with an expressJS app. I will not show you how to set up an expressJS app as there are loads on the internet for that! Remember by doing this you are making the NodeJS application responsible for authentication, if you want an Authentication module for NodeJS I recommend using Passport.

Inside your nodeJS + Express app

Install the Qlik-Auth NPM module. Follow those instructions here

Update your package.json and your server.js to have the require like this:

var qlikauth = require('qlik-auth');

In your route.js file add the following code:

var qlikauth = require('qlik-auth');
//Qlik Authenticate 
app.get('/qlikauthenticate', function (req, res) {
  var user = req.user;


  //Define user directory, user identity and attributes 
  var profile = { 'UserDirectory': 'QLIK', 'UserId': 'usera', 'Attributes': [] }

  var options = { 'Certificate': './client.pfx', 'PassPhrase': '' }

  //Make call for ticket request 

  qlikauth.requestTicket(req, res, profile, options);

Next you need to make sure your public/javascripts folder you need to put the qlikauth.js and reference this on any page where you want Qlik Sense content in the HTML. You should recognise this as the standard js file the workbench spits out when creating a mashup.

var config = {
  host: "",
  prefix: "/custom/",
  port: window.location.port,
  isSecure: window.location.protocol === "https:"

  waitSeconds: 0,
  baseUrl: (config.isSecure ? "https://" : "http://") + + (config.port ? ":" + config.port : "") + config.prefix + "resources"

require(["js/qlik"], function (qlik) {
  qlik.setOnError(function (error) {

//open app and get objects 

var app = qlik.openApp("appid", config); 

$(".qvobject").each(function() { 
var qvid = $(this).data("qvid"); 
app.getObject(this, qvid); 
} );


Add the few lines you need to your mashup page, you will notice since I was using an external web host for my nodeJS I did absolute paths. I also had to create a client-custom.css to make the references to images correct so they would display when hosted on a different server from Qlik Sense. There might be a better way to do this..

<link rel="stylesheet" href=""></script>

<link rel="stylesheet" href="" media="all"</script>

<script src=""></script>

<script src="javascripts/qlikauth.js"></script>

On your Qlik Sense Server

  1. Make sure you have set up a virtual proxy that points to the route you have defined above.
  2. In this example it is /qlikauthenticate. In the example above I am also using the prefix ‘custom’. You will also want to make sure that you have updated your app ID
  3. I also recommend making the session cookie header relevent to the prefix you use. For example something like ‘X-Qlik-Session-custom’
  4. Also to avoid confusing errors you can put an additional response header of ‘Access-Control-Allow-Origin: *’. You will probably want to remove this in production.
  5. Add your server to the websocket white list and also your external URL host.
  6. After you have done this you need to export the cerificates from the QMC certificate tab and copy the generated client.pfx file into the route of your nodeJS application.
  7. Remember if you want to actually see mashup content you need make sure ‘usera’ in the example above has the correct token assigned or have them in a stream with appropriate licensing.