When you say Sense credentials what do you refer to? We don't have users in a traditional sense but rely on external systems to perform the authentication.
If you are integrating the mashup into a portal and that portal has already performed a authentication you could either do session integration, if a session token/cookie exists, or even header authentication if your solution is not exposed externally.
The authentication flow would happen before you expose your users to the mashup.
Thanks a lot for your first answer that provide me some way to explore the very large Sense documentation!
We connected the sense server to our Active Directory and by consequence when we go to the hub we have a popup to ask credentials to the users. I want to store the credentials on the portal to prevent the asking every time at the user. But I don't understand in the API flow which API I can call with these credentials.
It's probably not a good idea to store your users windows passwords in the portal itself. Unrelated but if you add your Qlik server to the intranet zone you will most likely get rid of that annoying popup when access the Hub since then the browser will be allowed to do the ntlm negotiation.
You would upload that to QRS under the Extensions section. The reason why it works is because mashups that are hosted through QRS sits behind the proxy so when a user requests a resource from behind the proxy and are authenticated, either automatically or through the popup, we set the session cookie for their Qlik Sense session.
The qlik-mashup-bounce module will then redirect the user to whatever URL you have your mashup hosted on but since they now have a valid session cookie in place they will be treated as authenticated users.