amotl opened a new issue, #20546:
URL: https://github.com/apache/superset/issues/20546

   Dear lovely people of Apache Superset,
   
   first things first: Thanks a stack for conceiving and maintaining Apache 
Superset. It is truly a gem.
   
   ### Foreword
   This is not meant to be an actual bug report. Maybe you can slap an `info` 
label on it, or just tuck it away into the "Discussions" section?
   
   ### Introduction
   I am trying to create a data source using the HTTP API of Apache Superset 
_without_ adjusting `WTF_CSRF_ENABLED = False` and I think I took all input 
from #2488, #4018, #8382, #10354, #16003, #17206, #19343, #19356, and further 
information referenced below into consideration.
   
   #16003 was the most helpful of all resources, outlining how to send both 
`Authorization` and `X-CSRFToken` headers appropriately. However, people are 
still struggling to replicate this workflow from the command line, for example 
using `curl`.
   
   In this post, I would like to demonstrate that beyond properly sending the 
corresponding tokens, you will also need to maintain a session between 
requests. I will use [HTTPie] for that purpose.
   
   ### Walkthrough
   This is meant to be exercised on a standard vanilla installation of Apache 
Superset, where the authentication credentials are still `admin/admin` and no 
other pieces have been modified. If you adjusted your installation, you will 
need to modify some bits accordingly.
   
   You will need to install both [HTTPie] and [jq], e.g. by typing 
`{apt,brew,yum} install httpie jq`.
   ```console
   # Authenticate and acquire a JWT token.
   AUTH_TOKEN=$(http --session=superset \
     http://localhost:8088/api/v1/security/login \
     username=admin password=admin provider=db | jq -r .access_token)
   
   # Acquire a CSRF token.
   CSRF_TOKEN=$(http --session=superset \
     http://localhost:8088/api/v1/security/csrf_token/ \
     Authorization:"Bearer ${AUTH_TOKEN}" | jq -r .result)
   
   # Create a data source item / database connection.
   http --session=superset http://localhost:8088/api/v1/database/ \
     database_name="PostgreSQL Example" engine=postgres \
     sqlalchemy_uri=postgres://[email protected]:5432 \
     Authorization:"Bearer ${AUTH_TOKEN}" X-CSRFToken:"${CSRF_TOKEN}"
   ```
   
   ### Enquiry
   Somehow, I would have expected that this procedure would also work without 
needing to maintain a session. However, when running the commands from the 
example above, and omitting the `--session=` option, the last command croaks 
with the venerous
   ```
   400 Bad Request: The CSRF session token is missing.
   ```
   
   ### Conclusion
   So, this post is meant to be _both_ an informational reference for the 
community how to actually create datasource items using the HTTP API from the 
command line, and at the same time an enquiry to the developers, if my 
expectations, to be able to run a conversation with the API **without** 
maintaining a session, are actually inappropriate.
   
   Thank you in advance for taking the time to look into this topic.
   
   With kind regards,
   Andreas.
   
   ---
   
   #### Further references
   
https://stackoverflow.com/questions/66015739/use-apache-superset-api-to-feed-a-dataset
   
https://stackoverflow.com/questions/68614350/cannot-post-a-new-db-to-apache-superset-400-error-with-csrf
   
https://solveforum.com/forums/threads/solved-cannot-post-a-new-db-to-apache-superset-400-error-with-csrf.49375/
   https://groups.google.com/g/airbnb_superset/c/3H7SZma4ZEE
   
   [HTTPie]: https://httpie.io/
   [jq]: https://github.com/stedolan/jq
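
The session dependency reported above follows from how Flask-WTF style CSRF protection (the mechanism behind `WTF_CSRF_ENABLED`) ties the token to the session cookie. The following is an added example, not part of the issue and not Superset's or Flask-WTF's own code: a simplified model in which a plain HMAC stands in for the signed serializer, and `SECRET_KEY`, `sign`, `issue_csrf_token`, `check_csrf_token`, `replay` and `replay_other_session` are hypothetical names.

```python
import hashlib
import hmac
import os

SECRET_KEY = b"constructed-demo-key"  # assumption: stands in for the app's SECRET_KEY

def sign(raw: str) -> str:
    # HMAC stands in for Flask-WTF's timed, signed serializer.
    return hmac.new(SECRET_KEY, raw.encode(), hashlib.sha256).hexdigest()

def issue_csrf_token(session: dict) -> str:
    """csrf_token/ step: store a random value in the session, return it signed."""
    raw = session.setdefault("csrf_token", os.urandom(32).hex())
    return f"{raw}.{sign(raw)}"

def check_csrf_token(session: dict, header_token: str) -> str:
    """POST step: the X-CSRFToken header must match the value in the session."""
    if "csrf_token" not in session:
        return "The CSRF session token is missing."
    raw, _, sig = header_token.partition(".")
    if not hmac.compare_digest(sig, sign(raw)):
        return "The CSRF token is invalid."
    if not hmac.compare_digest(raw, session["csrf_token"]):
        return "The CSRF tokens do not match."
    return "ok"

def replay(keep_cookie: bool) -> str:
    """Token request followed by the POST, with or without a cookie jar."""
    cookie = {}  # session payload the server sets via Set-Cookie
    token = issue_csrf_token(cookie)
    sent = cookie if keep_cookie else {}  # no jar: server sees an empty session
    return check_csrf_token(sent, token)

def replay_other_session() -> str:
    """Token issued under one session cookie, POST sent with a different one."""
    first, second = {}, {}
    token = issue_csrf_token(first)
    issue_csrf_token(second)
    return check_csrf_token(second, token)

if __name__ == "__main__":
    print("with session:   ", replay(True))
    print("without session:", replay(False))
    print("other session:  ", replay_other_session())
```

In this model the `Authorization` bearer token plays no part in the CSRF check: the header token is only ever compared against the value carried by the session cookie, which is why dropping `--session=` produces the "session token is missing" response.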
   

