Airflow experimental REST API FORBIDDEN 403 response

Question

My system used to call the experimental REST API to trigger DAGs and everything worked fine.
When I upgraded from version 1.10.3 to 1.10.12 I suddenly receive this error:

requests.exceptions.HTTPError: ('403 Client Error: FORBIDDEN for url: http://airflow.server/api/experimental/dags/my_dag_name/dag_runs',
 ('request_method', 'POST'),
  ('request_url', 'http://airflow.server/api/experimental/dags/my_dag_name/dag_runs'),
   ('request_headers', {'User-Agent': 'python-requests/2.24.0', 'Accept-Encoding': 'gzip, deflate', 'Accept': '*/*', 'connection': 'close', 'Content-Length': '128',
    'Content-Type': 'application/json'}),
    ('request_body', b'{"run_id": "manual__2020-10-12T08:50:13.288911+00:00__version__69179146", "execution_date": "2020-10-12T08:50:13", "conf": null}'))

Ofek Hod Ofek Hod · Accepted Answer · 2020-10-12T12:07:47

Airflow version 1.10.11 changed its default auth for the experimental api from default to deny_all, which is more secure.
They made this change because the older behavior let anyone who has access to Airflow server to manipulate the DAG RUNs, pools, tasks, etc.

If you wish to make things work the same way as before (not safe), please add to airflow.conf:

[api]
auth_backend = airflow.api.auth.backend.default

If you want to choose the safer road, please read Airflow Security docs

Airflow experimental REST API FORBIDDEN 403 response

1 Answers