sewardgw opened a new issue #14155:
URL: https://github.com/apache/superset/issues/14155


   The `/superset/sql_json` endpoint provides a great way to externally invoke 
arbitrary SQL through Superset which manages the credentials, driver, 
libraries, and DB connections, etc. This is useful for a number of use-cases 
where external systems want to delegate the DB interaction; one common example 
is integration with Amundsen. However, in order to use this endpoint the client 
seems to have 2 options for authentication:
   
   1. Provide a valid csrf token
   2. Set `WTF_CSRF_ENABLED=False` in a custom `superset_config.py` (or 
whitelist the endpoint)
   
   For these use-cases the authentication should be programmatic which makes 
option 1 not possible and, while option 2 works, this configuration should 
ideally not need to be turned off.
   
   **Describe the solution you'd like**
   Be able to authenticate and use the API without csrf tokens.
   
   Possibly have an `/api/v1` version of the `sql_json` endpoint that 
leverages bearer token auth.
   
   **Describe alternatives you've considered**
   Open to ideas!
   
   **Additional context**
   Happy to know of other ways to accomplish this if it already exists.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
