Public API¶
Airflow public API authentication¶
The Airflow public API uses JWT (JSON Web Token) for authenticating API requests.
Each request made to the Airflow API must include a valid JWT token in the Authorization
header to verify the
identity and permissions of the client.
Generate a JWT token¶
To interact with the Airflow API, clients must first authenticate and obtain a JWT token.
The token can be generated by making a POST
request to the /auth/token
endpoint, passing the necessary
credentials (e.g., username and password). The /auth/token
endpoint is provided by the auth manager, therefore,
please read the documentation of the auth manager configured in your environment for more details.
Example¶
Request
ENDPOINT_URL="http://localhost:8080/"
curl -X POST ${ENDPOINT_URL}/auth/token \
-H "Content-Type: application/json" \
-d '{
"username": "your-username",
"password": "your-password"
}'
Response
{
"access_token": "<JWT-TOKEN>"
}
Use the JWT token to call Airflow public API
ENDPOINT_URL="http://localhost:8080/"
curl -X GET ${ENDPOINT_URL}/api/v2/dags \
-H "Authorization: Bearer <JWT-TOKEN>"
Enabling CORS¶
Cross-origin resource sharing (CORS) is a browser security feature that restricts HTTP requests that are initiated from scripts running in the browser.
Access-Control-Allow-Headers
, Access-Control-Allow-Methods
, and
Access-Control-Allow-Origin
headers can be added by setting values for
access_control_allow_headers
, access_control_allow_methods
, and
access_control_allow_origins
options in the [api]
section of the
airflow.cfg
file.
[api]
access_control_allow_headers = origin, content-type, accept
access_control_allow_methods = POST, GET, OPTIONS, DELETE
access_control_allow_origins = https://exampleclientapp1.com https://exampleclientapp2.com
Page size limit¶
To protect against requests that may lead to application instability, the stable API has a limit of items in response.
The default is 100 items, but you can change it using maximum_page_limit
option in [api]
section in the airflow.cfg
file.
Request Payload Considerations¶
When using REST APIs that accept data payloads (such as the Variables API), be mindful of the payload size. Large payloads (out of ordinary size, like a million bytes) can impact the performance of the Airflow webserver. It’s recommended to implement appropriate size limits at the proxy layer for your deployment.