DocsBlogPricingDashboardGitHubGitHub585
Back to blog

Building an Embeddable Live Analytics Demo: From Concept to Reality

izadoesdev
izadoesdev
Jul 15, 2025
6 min read
TL;DR

How I built a secure, embeddable live demo for my analytics platform - the challenges I faced and solutions that actually worked.

Building an Embeddable Live Analytics Demo: From Concept to Reality

Building a Live SaaS Demo: A Developer's Journey

Creating a live, interactive demo for your SaaS product sounds straightforward until you dive into the real-world complexities. When I built an embeddable analytics dashboard demo for Databuddy, I discovered that showcasing your product without authentication barriers involves more technical and security considerations than expected.

The Demo Dilemma

Like many SaaS companies, I faced the classic challenge: how do you show off your product's capabilities without forcing potential customers through signup? For an analytics platform like Databuddy, this was particularly tricky because:

  • Authentication barriers: Dashboard requires login to access website data

  • Data privacy: Couldn't expose real customer data publicly

  • Complex permissions: Detailed website ownership and access controls

  • Trust factor: People want to see the real product, not mockups

I considered the usual options - screenshot galleries (boring), video demos (not interactive), sandbox accounts (still required signup), and mock interfaces (obviously fake). None felt right.

My Solution: The Demo Website Approach

My breakthrough was creating a special "demo website" that bypasses normal authentication while using completely real data and functionality.

I created a specific website entry in my database that:

  • Uses real analytics data from my documentation site

  • Updates in real-time as visitors interact with my docs

  • Bypasses authentication requirements for public access

  • Maintains full dashboard functionality

The key insight: instead of creating fake demo data, I used analytics from my own documentation site. This provided authentic, constantly updating data with real user behavior patterns.

Authentication: More Complex Than Expected

What seemed like simple "skip authentication for this one website" turned into a multi-layered challenge that taught me about modern application security complexity.

Modern applications don't just check authentication in one place. My system had multiple layers:

  • API middleware validating user sessions

  • Permission middleware checking website access rights

  • Route handlers verifying user context

  • Database queries filtering data by user ownership

Simply bypassing the first layer wasn't enough - I had to update each layer to handle my demo website as a special case.

The Solution Pattern

I developed a consistent approach: check for the demo website ID first, then proceed with normal authentication for everything else. This kept security intact for regular users while providing seamless demo access.

Security Considerations

Building an authentication bypass immediately raises security flags. I had to address:

Rate Limiting: Demo requests needed their own stricter limits to prevent abuse.

Security Best Practices:

  • Specific ID checking (exact demo website ID only)

  • Read-only access for demo bypass

  • All demo access logged for monitoring

  • Database validation maintained

Making It Embeddable: The Iframe Challenge

Getting my dashboard to work inside iframes required navigating modern web security policies.

My initial Content Security Policy blocked iframe embedding entirely:

frame-ancestors 'none'  // Blocks ALL iframe embedding

The solution was updating CSP to allow embedding while maintaining security:

frame-src 'self' https:     // Allow loading frames from HTTPS sources  
frame-ancestors *           // Allow embedding on any site

User Experience: From Tiny to Fullscreen

Technical functionality was only half the battle - the demo needed excellent UX.

My first iframe was too small to showcase the dashboard effectively. The progression:

  1. Started with video proportions (too small)

  2. Increased to 70% viewport height (better but cramped)

  3. Added fullscreen functionality (game changer)

Small details made a big difference:

  • Browser-like interface with traffic light buttons

  • "Live Demo" indicator with animated status dot

  • Smooth transitions and professional loading states

The Frontend Challenge: A Brilliant Hack

Once backend authentication bypass worked, I faced another challenge: creating the demo frontend without duplicating my entire dashboard codebase.

My breakthrough was realizing I didn't need to rewrite anything. I could create new routes that literally re-export existing dashboard pages:

Demo Overview Page (/demo/[id]/page.tsx):

"use client";
export { default } from '../../../(main)/websites/[id]/page'

Demo Sessions Page (/demo/[id]/sessions/page.tsx):

export { default } from '../../../(main)/websites/[id]/sessions/page'

That's it. One line per page. The magic happens in the layout wrapper that provides demo-specific navigation and styling.

Why This "Hack" Is Actually Genius

  1. Zero Code Duplication: 100% reuse of dashboard pages, components, and logic

  2. Always Up-to-Date: New features appear in demo automatically

  3. Authentic Experience: Demo is literally the same application customers use

  4. Minimal Maintenance: One layout file and sidebar component to maintain

  5. Easy Extension: New demo page = one line of code

Sometimes the "hacky" solution is the most pragmatic. Instead of weeks building sophisticated shared components, I reused everything with one line per page.

Key Lessons Learned

Authentication Is Complex: Don't assume bypassing authentication is a simple middleware change. Modern apps have authentication touching multiple layers, route logic, and database patterns.

Security Needs Ongoing Attention: Authentication bypasses are risky and need continuous monitoring, documentation, and abuse prevention planning.

UX Trumps Technical Perfection: Fullscreen functionality and proper sizing made the difference between an ignored demo and one people explored.

Real Data Beats Perfect Mockups: Using actual documentation analytics instead of crafted demo data was a game-changer - it shows authentic patterns and feels trustworthy.

Progressive Enhancement Works: Start with basic functionality, identify pain points through testing, then iteratively improve based on feedback.

What I'd Do Differently

  • Plan Authentication Architecture Upfront: Design auth system with demo access as first-class use case

  • Implement Rate Limiting from Day One: Include abuse prevention before public launch

  • Test Embedding Early: Validate iframe/CSP functionality across browsers upfront

  • Gather User Feedback Sooner: Get demo in front of real users much earlier

  • Design for Reuse: Consider multiple presentation contexts when designing component interfaces

The Result

Today, my live demo provides an authentic, interactive experience showcasing Databuddy's capabilities without barriers. Visitors can explore real analytics data in real-time, experience full functionality, view in fullscreen, and even embed on their sites.

Most importantly, it converts. People who interact with the live demo are significantly more likely to sign up because they've experienced the value firsthand.

But now? It doesn't even matter, I added an isPublic toggle which allows anyone to embed their analytics anywhere in seconds, but learning was worth it..

Building a great product demo isn't just about removing authentication - it's about creating an experience that effectively communicates your product's value while maintaining security and trust.