Since Matomo 4 you can embed widgets using an app specific auth token only if the user of that token has only view access. If the user has at least write (or admin or super user) access to one site, then this error will be shown and embedding the widget won’t work. This is to prevent accidentally using a token that could give other people enhanced permissions without you realising it.

To fix this error follow these steps:

  • create a new user and give this user only view access for the sites you want to embed reports for
  • log in as the newly created user
  • go to “Administration -> Security”
  • create a new app specific authentication token
  • copy the newly created token and use this token in the widget URL instead of the previous token