codeant-ai-for-open-source[bot] commented on PR #37973:
URL: https://github.com/apache/superset/pull/37973#issuecomment-4054223398
## **Sequence Diagram**
This PR adds API key support end to end: users can create keys from the User
Info page, and clients can use those keys to access protected Superset APIs.
Authentication is delegated to Flask AppBuilder SecurityManager so existing
protected endpoints enforce access without per-view changes.
```mermaid
sequenceDiagram
participant User
participant UserInfoPage
participant SecurityAPI
participant FABSecurityManager
participant AutomationClient
participant ProtectedAPI
User->>UserInfoPage: Create API key
UserInfoPage->>SecurityAPI: Send create key request
SecurityAPI->>FABSecurityManager: Generate key and store hash
FABSecurityManager-->>UserInfoPage: Return new key once
AutomationClient->>ProtectedAPI: Call API with bearer key
ProtectedAPI->>FABSecurityManager: Extract and validate API key
FABSecurityManager-->>ProtectedAPI: Return authenticated user and roles
ProtectedAPI-->>AutomationClient: Return response when access is allowed
```
---
*Generated by [CodeAnt AI](https://codeant.ai)*
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
