How to send autheticated requests to the server?

[ccordoba12]

We're developing a plugin to embed the classic notebook in Spyder:

https://github.com/spyder-ide/spyder-notebook

and it's progressing quite nicely (although not ready for the general public :-)

This is a screenshot:

---

Now, to my question: we'd like to kill the kernel associated with a notebook after its corresponding tab is closed in the interface. For that I know we can send a request like this

import requests
requests.delete("http://localhost:8888/api/kernels/<kernel-id>")

to the server. But after notebook 4.3 this is (of course) rejected.

So my question is: how can we send an authenticated request to the server to make this work?

I've been fighting with this for a couple of days (trying to get the right xsrf token) but I've been unable to do it.

[takluyver]

When you get the notebook server info from e.g. notebook.notebookapp.list_running_servers(), there should be a 'token' field in the dictionary. You can pass that as either:

• A URL parameter ?token=...
• An HTTP header Authorization: token ...

Requests including that token should bypass the normal xsrf checks, because we assume they're from non-browser programs using the notebook REST API - as indeed this is - and managing cookies etc. is a pain.

[minrk]

For a complete example:

import requests
from notebook.notebookapp import list_running_servers

# Just get the first, for now. You could pick based on port, pid, etc.
server_info = next(list_running_servers())
token = server_info.get('token', '')
url = server_info['url']

# list kernels
r = requests.get(url + 'api/kernels',
    headers={'Authorization': 'token %s' % token},
)
print(r.json())

[ccordoba12]

Thanks a lot Thomas and Min!! We were using token to pass the login page and render notebooks, but I just didn't understand how to make it work for the rest of the REST API.