API¶
API Authentication¶
The API authentication is handled by the auth manager.
For more information about API authentication, please refer to the auth manager documentation used by your environment.
By default Airflow uses the Simple Auth Manager, if you did not specify any other auth manager.
Simple Auth Manager is a basic auth manager that persisted under Airflow core.
It is not recommended to use it in production and currently aiming for development purposes.
Please install apache-airflow-providers-fab to use the auth manager that is aimed for production.
For that, please look at API Authentication.
Enabling CORS¶
Cross-origin resource sharing (CORS) is a browser security feature that restricts HTTP requests that are initiated from scripts running in the browser.
Access-Control-Allow-Headers, Access-Control-Allow-Methods, and
Access-Control-Allow-Origin headers can be added by setting values for
access_control_allow_headers, access_control_allow_methods, and
access_control_allow_origins options in the [api] section of the
airflow.cfg file.
[api]
access_control_allow_headers = origin, content-type, accept
access_control_allow_methods = POST, GET, OPTIONS, DELETE
access_control_allow_origins = https://exampleclientapp1.com https://exampleclientapp2.com
Page size limit¶
To protect against requests that may lead to application instability, the stable API has a limit of items in response.
The default is 100 items, but you can change it using maximum_page_limit option in [api]
section in the airflow.cfg file.