What is the correct way to hit an internal Foundry API from a Code Repository using, for example, a Python transform?
How can I hit a Foundry API from Code Repositories?
954 Views Asked by Adil B At
3
There are 3 best solutions below
0
On
Because of the mentioned Foundry limitations and project scoped tokens, we create dedicated Service Accounts for automations, create a bearer token for the service account and store it in a dataset which we secure with a Marking. In the transform where we use the token to make api calls, we stop_propagating the Marking to downstream transforms.
This is, unfortunately, rather cumbersome and we are looking here at Palantir's product development team for a better solution.
0
On
This is possible but somewhat discouraged because of the security impacts. Specifically the token that is used to call the API. Historically, Foundry jobs were run with the building user's complete token. This allows making any API call the user could make, but could be abused by a nefarious actor. Therefore most build today use a project-scoped token which can only read and write datasets, and not make API calls.
Thus you must either un-project-scope the repository so that it uses user tokens, which can be done through the Jemma API, or by supplying a hard-coded token, which can be done through a secured dataset with an appropriate marking, but be aware anyone who can read this dataset could steal the token.
A product support solution called logic flows is coming to make this process smoother.
Once you have a token making the API calls is similar to any other API. Here's an example in python, there's more information in the documentation.
URL = f"https://foundry.url/stemma/api/repos/{repo}/checks"
headers = {
"Authorization": "Bearer " + token
}
req = requests.get(URL, headers=headers)
if req.status_code > 299:
continue
req_json = req.json()
Currently the functionality for accessing Foundry APIs from within a Code Repository is not by default supported.