Hi Qlik Sense SaaS Users,  

We’re receiving questions from partners and customers regarding support for add-ons in SaaS editions of Qlik Sense and the Qlik Cloud Services (QCS) platform and want to address them. For starters, we remain fully committed to providing APIs, accelerators, and integration points enabling you to extend Qlik in the cloud and integrate it into your own custom solutions.   

Over the past year, we've made great efforts to make extending and embedding Qlik more accessible and easier, reducing the friction in a number of ways, including: 

• Qlik-cli for scripting automations and integrating with devops processes. 
• Nebula.js, a JavaScript library that makes it easy to embed analytics and custom visualizations into modern web frameworks like React and Angular.  
• Qlik.dev, a one-stop-shop for integrating Qlik into custom enterprise applications, including developer documentation, API references, and tutorials.    
• Webhooks, which enable users to respond to system events with their favorite automation tools.  

And that's not all. We’re busy researching and adding more opportunities to extend the Qlik platform. Initiatives in process include:  

• Integrating Blendr.io into QCS to enable developers and end users to orchestrate their daily workflow.  
• Authorizing Qlik users to access embedded analytics with OAuth2 support.  
• Developing pluggable architectures to customize base visualizations and wire custom solutions to platform integration points.  
• Making it easier for creators and consumers to merchandise and procure add-ons seamlessly.  

Some of the questions you've asked involve using extensions available for Qlik Sense on Windows in SaaS editions of Qlik Sense. Here are some responses to common questions about custom visualizations and advanced extensions. 

1. Visualization Extensions    

• Definition:  Surfaces data from the Qlik engine for display/consumption only.  
• Status:  Can be uploaded through the management console, where we support the integration point.  
• Note:  All extension-related support & updates are the sole responsibility of the extension provider. We do not yet have a program for certifying extensions in SaaS. 

2. Write-back Extensions  

• Definition:  Provide a mechanism for submitting data from an input form and / or the Qlik Sense application the extension is embedded to a location outside a Qlik Sense SaaS tenant.   
• Status:  Can be uploaded through the same integration point in the management console as visualization extensions; however, there is a limitation that results in all interactions being tied to a single identity. This limitation prevents you from identifying specific users by interaction and is one that we plan to address in a future release.  
• Note:  We advise that you proceed with caution and be sure you understand the limitation noted above resulting in the inability to determine who is making the write-back request.

 3. Server-side Extensions  

• Definition:  Advanced Analytics integrations supporting direct information exchange with the Qlik Associative Engine for machine learning use cases.  
• Status:  No integration point exists yet in SaaS for the classic SSE implementation in client-managed, therefore, server-side extensions cannot be implemented in Qlik Sense SaaS.   
• Note: Advanced analytics and machine learning capabilities are on the roadmap.  

Here are some responses to direct questions customers and partners recently asked: 

1. I’ve heard that Qlik’s not supporting extensions in SaaS. Is this true?  

Absolutely not! We remain dedicated to enabling platform extensibility, and are providing you with the APIs, accelerators, and integration points needed to extend Qlik in the cloud in a secure way.  

2. Is it true the capability APIs and extension API are deprecated?  

No, the capability APIs and the extension API have not been deprecated, but at some point in the future we do expect to do this as the functionality of our newer libraries provide additional value. We recommend working with our new framework agnostic library, Nebula.js, today, because it provides more flexibility with higher control when creating custom visualizations and embedding Qlik analytics in enterprise applications. 

3. Why doesn’t my extension display properly in Qlik Sense SaaS?   

Security requirements in QCS often result in code behaving differently than it did in client-managed versions. QCS implements Content Security Policy to protect browsers from embedded code in a web application. For more information, read the Qlik help topic on Content Security Policy (CSP) and consult the extension author’s documentation for CSP configuration information.  

4. Are extensions scanned for viruses, malware, and vulnerabilities when they are uploaded to Qlik Sense SaaS?   

No, extensions are not scanned by Qlik during upload to your SaaS tenant. Please exercise caution when adding extensions to Qlik Sense SaaS. Make sure to review the extension code before uploading, and only use extensions from creators and 3rd parties you trust. 

Hopefully, the information in this blog provides you with more clarity regarding Qlik's position on platform extensibility with Qlik Sense SaaS and Qlik Cloud Services. Please ask more questions! You can do so in the comments below or on the Qlik Sense Integration, Extensions, and APIs forum. 

Cheers!