Skip to content

feat: add session token authentication (MB_SESSION_TOKEN)#8

Open
filippomortari wants to merge 4 commits intoandreagrandi:masterfrom
filippomortari:master
Open

feat: add session token authentication (MB_SESSION_TOKEN)#8
filippomortari wants to merge 4 commits intoandreagrandi:masterfrom
filippomortari:master

Conversation

@filippomortari
Copy link
Copy Markdown

@filippomortari filippomortari commented Mar 31, 2026

Summary

  • Adds MB_SESSION_TOKEN as an alternative authentication method alongside the existing MB_API_KEY
  • Useful when you don't have admin access to generate API keys — grab the session token from your browser cookies (metabase.SESSION)
  • MB_API_KEY and MB_SESSION_TOKEN are mutually exclusive; setting both is a config error

Changes

  • internal/config/config.go — Accept MB_SESSION_TOKEN env var, validate mutual exclusion with MB_API_KEY
  • internal/client/client.go — Send X-Metabase-Session header when session token is configured
  • tests/config_test.go — Tests for session-only, neither auth, and both-auth-error cases
  • tests/client_test.go — Tests for session token header setting across GET/POST requests
  • README.md — Document both authentication options

Test plan

  • All 117 existing + new tests pass (go test ./tests/)
  • Manually verified against a live Metabase instance with a session token

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@filippomortari