@David_McRitchie , thank you for your help!
Without this hint, I would have spent much more time figuring out which methods could work for this task. I explored and understood how URL parameters work for ArcGIS Dashboard. I successfully integrated this into Experience Builder dev using the embed widget.
I also realized that URL parameters can be used similarly for Experience Builder applications. I believe this is exactly what we want to implement in our projects!
At this stage, I am setting the necessary data_filter in the URL bar, which successfully filters my interface. However, I see that users could simply change the parameter values and retrieve results for other data. To prevent this, I am using the embed widget in Experience Builder, which embeds my Experience Builder interface. This way, users cannot modify the URL parameters to intentionally or accidentally access other data.
However, we have one issue. I am also considering a custom widget that will check who is accessing the page upon loading (likely using SessionManager.getInstance()) and verify whether they have selected their correct region. If everything is correct, the interface will be displayed and filtered accordingly to their assigned region.
Could you please advise if this approach is vulnerable in terms of user data security? Is it possible to track this request to SessionManager using F12 developer tools and exploit it for malicious purposes? In general, are we thinking correctly, or should we change our approach to implementing this solution in terms of web security?
Thank you very much!
