Applicable to version 6.00.0210 and upwards.
The most secure way to pass credentials when viewing a dashboard embedded in your application, is to pass an authorisation token. This token is short-lived, and does not expose any login credentials.
First, make an HTTP POST request to GetAccessToken.ashx, with the parameters "username" and "password". This will return JSON containing token details; from that take the value of the "access_token" property.
To show a dashboard in your application, pass the access token to Dashboard.aspx, either as a query parameter (e.g. Dashboard.aspx?authtoken=…) or as a form parameter (e.g. <input type="hidden" name="authtoken" …). The latter is more secure as the token can be encrypted over HTTPS when posted.
For backwards compatibility, you may continue to post a username and password directly to Dashboard.aspx. If using this method, ensure HTTPS is in use on the DataPA application. This method is not recommended if a single username and password is used to authenticate with DataPA (users will be able to see the password in the page source).