diff --git a/env/env.development b/env/env.development
index dd1debc..2d5995d 100644
--- a/env/env.development
+++ b/env/env.development
@@ -39,4 +39,6 @@ EXPORT_LIMIT_PARTITION=200
 ASSETS="https://asset.sky.eigen.co.id/"
 
 GOOGLE_CALENDAR_KEY="AIzaSyCSg4P3uC9Z7kD1P4f3rf1BbBaz4Q-M55o"
-GOOGLE_CALENDAR_ID="326464ac296874c7121825f5ef2e2799baa90b51da240f0045aae22beec10bd5@group.calendar.google.com"
\ No newline at end of file
+GOOGLE_CALENDAR_ID="326464ac296874c7121825f5ef2e2799baa90b51da240f0045aae22beec10bd5@group.calendar.google.com"
+
+SUPERSET_URL=https://dashboard.weplayground.eigen.co.id
\ No newline at end of file
diff --git a/env/env.production b/env/env.production
index e9c9e82..83683c4 100644
--- a/env/env.production
+++ b/env/env.production
@@ -36,4 +36,6 @@ EXPORT_LIMIT_PARTITION=200
 ASSETS="https://asset.sky.eigen.co.id/"
 
 GOOGLE_CALENDAR_KEY="AIzaSyCSg4P3uC9Z7kD1P4f3rf1BbBaz4Q-M55o"
-GOOGLE_CALENDAR_ID="326464ac296874c7121825f5ef2e2799baa90b51da240f0045aae22beec10bd5@group.calendar.google.com"
\ No newline at end of file
+GOOGLE_CALENDAR_ID="326464ac296874c7121825f5ef2e2799baa90b51da240f0045aae22beec10bd5@group.calendar.google.com"
+
+SUPERSET_URL=https://dashboard.weplayground.eigen.co.id
\ No newline at end of file
diff --git a/src/modules/configuration/superset/superset.controller.ts b/src/modules/configuration/superset/superset.controller.ts
index d36bd4e..ebca593 100644
--- a/src/modules/configuration/superset/superset.controller.ts
+++ b/src/modules/configuration/superset/superset.controller.ts
@@ -1,14 +1,16 @@
 import { Controller, Get, Param } from '@nestjs/common';
-import { ApiTags } from '@nestjs/swagger';
-import { Public } from 'src/core/guards';
+import { ApiBearerAuth, ApiTags } from '@nestjs/swagger';
+import { ExcludePrivilege, Public } from 'src/core/guards';
 import { SupersetService } from './superset.service';
 
 @ApiTags(`Superset`)
 @Controller(`v1/superset`)
+@Public(false)
+@ApiBearerAuth('JWT')
 export class SupersetController {
   constructor(private service: SupersetService) {}
   @Get('token/:id')
-  @Public(true)
+  @ExcludePrivilege()
   async getGuestToken(@Param('id') id: string) {
     return this.service.getGuestToken(id);
   }
diff --git a/src/modules/configuration/superset/superset.service.ts b/src/modules/configuration/superset/superset.service.ts
index 4704517..556a955 100644
--- a/src/modules/configuration/superset/superset.service.ts
+++ b/src/modules/configuration/superset/superset.service.ts
@@ -4,8 +4,10 @@ import { firstValueFrom } from 'rxjs';
 
 @Injectable()
 export class SupersetService {
-  private SUPERSET_URL = 'https://dashboard.weplayground.eigen.co.id';
+  private SUPERSET_URL = process.env.SUPERSET_URL + '/api';
+
   constructor(private readonly httpService: HttpService) {}
+
   async getLoginToken() {
     const data = {
       username: 'admin',
@@ -13,8 +15,13 @@ export class SupersetService {
       provider: 'db',
       refresh: true,
     };
+
     const response = await firstValueFrom(
-      this.httpService.post(`${this.SUPERSET_URL}/api/v1/security/login`, data),
+      this.httpService.request({
+        method: 'POST',
+        url: `${this.SUPERSET_URL}/v1/security/login`,
+        data: data,
+      }),
     );
 
     return response.data.access_token;
@@ -22,9 +29,10 @@ export class SupersetService {
 
   async getCSRFToken() {
     const loginToken = await this.getLoginToken();
-
     const response = await firstValueFrom(
-      this.httpService.get(`${this.SUPERSET_URL}/api/v1/security/csrf_token/`, {
+      this.httpService.request({
+        method: 'GET',
+        url: `${this.SUPERSET_URL}/v1/security/csrf_token/`,
         headers: { Authorization: `Bearer ${loginToken}` },
       }),
     );
@@ -34,6 +42,7 @@ export class SupersetService {
 
   async getGuestToken(uuid: string) {
     const { loginToken, csrfToken } = await this.getCSRFToken();
+
     const data = {
       resources: [{ type: 'dashboard', id: uuid }],
       rls: [],
@@ -44,15 +53,16 @@ export class SupersetService {
       'Content-Type': 'application/json',
       Authorization: `Bearer ${loginToken}`,
       'X-CSRFToken': `${csrfToken}`,
-      Referer: `${this.SUPERSET_URL}/api/v1/security/guest_token/`,
+      Referer: `${this.SUPERSET_URL}/v1/security/guest_token/`,
     };
 
     const response = await firstValueFrom(
-      this.httpService.post(
-        `${this.SUPERSET_URL}/api/v1/security/guest_token/`,
-        data,
-        { headers, xsrfHeaderName: 'X-CSRFToken' },
-      ),
+      this.httpService.request({
+        method: 'POST',
+        url: `${this.SUPERSET_URL}/v1/security/guest_token/`,
+        data: data,
+        headers: headers,
+      }),
     );
 
     return response.data.token;