The managed Apache Flink service on the LakeSail platform is deprecated.

LakeSail is building Sail, an open-source computation framework in Rust to seamlessly integrate stream-processing, batch-processing, and compute-intensive (AI) workloads. The LakeSail platform will offer the managed solution for Sail. Existing PySpark and Flink SQL workloads can be migrated with ease. Please stay tuned and contact us if you are interested!

Authentication

Most of the LakeSail API operations require authenticated requests. This page describes how authentication works in the LakeSail API.

Authentication Methods

User Authentication

Human users are authenticated with an access token, which the server issues when the user signs in. The access token is either a JSON Web Token (JWT) or an opaque bearer token. The token type is set in the server configuration.

The access token is securely stored in the browser's local storage and sent to the server in the Authorization header with the Bearer scheme.

```http
Authorization: Bearer <token>
```

The user authentication mechanism is intended for the LakeSail web console to interact with the LakeSail API. The access token is short-lived and will be refreshed automatically by the web console in the background.

An experienced user can also use the token to interact with the API directly for testing purposes, after obtaining it from the browser's developer tools. Note, however, that the token expires after a certain period of time, so it is not suitable for production use cases.

Service Account Authentication

Service accounts are authenticated using service account keys. You can create service account keys using the CreateServiceAccountKey operation.

To authenticate a service account, include the service account key in the Authorization header with the Bearer scheme:

```http
Authorization: Bearer <key>
```

Please note that service account keys should be securely stored and not exposed in client-side code.

Getting the Current Identity

You can use the DescribeCurrentIdentity operation to get the current identity.

```http
GET /api/org/v1/me
```

You will find information about either the user or the service account in the response body, depending on the type of credential specified in the Authorization header of the HTTP request.
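The following is an added example, not code from the LakeSail documentation or project. It shows one way for a server-side script to follow the service account guidance above and confirm which identity a key maps to with DescribeCurrentIdentity. The environment variable name `LAKESAIL_SA_KEY`, the host `lakesail.example`, and the helper names are assumptions; the response is returned as raw text because its schema is not described on this page.

```python
import os
import urllib.request
from urllib.parse import urlsplit

IDENTITY_PATH = "/api/org/v1/me"  # DescribeCurrentIdentity, as given on this page


def load_credential(env=os.environ, var="LAKESAIL_SA_KEY"):
    """Read the key from the environment (variable name is an assumption)."""
    key = env.get(var, "")
    if not key:
        raise ValueError(f"{var} is not set")
    # Reject whitespace and control characters so the value cannot inject
    # extra header lines (CR/LF) or be split by an intermediary.
    if any(c.isspace() or ord(c) < 0x21 or ord(c) == 0x7F for c in key):
        raise ValueError(f"{var} contains whitespace or control characters")
    return key


def identity_request(base_url, credential):
    """Build GET /api/org/v1/me with the Bearer scheme; HTTPS only."""
    parts = urlsplit(base_url)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("base URL must be an absolute https:// URL")
    # Any path on base_url is ignored; only scheme and host are used.
    url = f"https://{parts.netloc}{IDENTITY_PATH}"
    return urllib.request.Request(
        url, method="GET", headers={"Authorization": f"Bearer {credential}"}
    )


def redact(credential, keep=4):
    """Return a form of the credential that is safe to write to logs."""
    return credential[:keep] + "..." if len(credential) > keep * 4 else "***"


def describe_current_identity(base_url, env=os.environ, timeout=10):
    """Send the request; returns (status, body text). Needs network access."""
    req = identity_request(base_url, load_credential(env))
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.status, resp.read().decode("utf-8", "replace")
```

Log `redact(key)` rather than the key itself, and run the identity check once at start-up so a wrong or revoked key fails early.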