Houston API | Astronomer Docs

The Astronomer Houston API is the source of truth across the entire Astronomer platform.

For Astronomer Software users, our API is an easy way to do any of the following:

Query the platform’s database for information about a user, Workspace, or Deployment
Perform CRUD operations on entities scoped to the Astronomer platform, including Airflow Deployments, Workspaces, and users

For example, you can:

Delete a deployment
Look up a deployment’s resource config
Add a user to a Workspace
Make a user a System Administrator

Anything you can do with the Software UI, you can do programmatically with the Astronomer Houston API.

If you’re using the Astronomer Houston API and you’re migrating from Astronomer Certified (AC) to Astro Runtime, you’ll need to replace airflowVersion arguments with runtimeVersion arguments in your scripts. For more information about migrating a Deployment from Astronomer Certified to Astro Runtime, see Migrate a Deployment from Astronomer Certified to Astro Runtime.

Getting started

A GraphQL Playground is a graphical, interactive, in-browser GraphQL IDE where you can develop and test API queries. GraphQL itself is an open source query language for APIs that makes for an easy and simple way to manage data. For more information about the Playground features applicable to the wider GraphQL community, see GraphQL Playground’s Github.

In short, the Playground is a portal that allows you to write GraphQL queries directly against the API within your browser.

The Astronomer Houston API is available in two GraphQL Playgrounds, one requires an external connection to load visual assets, and a second option for use with airgapped environments.

Configure airgapped GraphQL playground access

Astronomer provides a GraphQL playground using an Apollo GraphQL Playground, accessed at https://houston.<your-base-domain>/v1/. The playground makes external requests to load assets such as JavaScript, CSS, and other resources from external URLs. As a result, it cannot be used in an airgapped environment or in cases where strict security requirements apply.

By default, users can access both playgrounds. However, you can restrict users from using the GraphQL playground available at https://houston.<your-base-domain>/v1/.

To disable access to the Apollo GraphQL Playground, and permit users to access only the GraphQL IDE at https://houston.<your-base-domain>/v1/playground, set the graphqlPlaygroundEnabled feature flag to false in your Houston API configuration in the config.yaml file:

1 astronomer:
2   houston:
3     config:
4       graphqlPlaygroundEnabled: false

Then, apply a configuration change.

Access the GraphQL playground

The URL at which you can reach Houston’s GraphQL playground depends on the platform you’re running. For your installation of Astronomer, it will be https://houston.<your-base-domain>/v1/, or https://houston.<your-base-domain>/v1/playground for airgapped environments.

For example, if you’re a Software customer and your basedomain is Astronomer, you would navigate to https://houston.astronomer/v1/ or https://houston.astronomer/v1/playground.

Authenticate

To query the Astronomer Houston API, you must first authenticate as an Astronomer user.

Go to https://app.BASEDOMAIN/token and copy the API token. Alternatively, note the API Key of a service account.
Open Astronomer’s Houston API GraphQL Playground at https://houston.<your-base-domain>/v1/ or https://houston.<your-base-domain>/v1/playground.
Expand the HTTP Headers section on the bottom left of the page.
Paste the API token you acquired from Step 1 in the following format: {"authorization": "<api-token>"}

Headers

As you work with our API, you’ll be restricted to actions allowed by both your existing role within the platform (e.g. SysAdmin or not) and your permissions within any particular Workspace (e.g. Viewer, Editor, Admin).

Query types

On Astronomer, you can ask for GraphQL:

Queries - Queries to return information
Mutations - Queries to modify data

Houston API schema

Once authenticated, you should be able to query all endpoints your user has access to. The Schema tab fixed on the right-hand side of the page is a great reference for queries and mutations we support and how each of them is structured.

Schema

Sample queries

Read below for commonly used queries. For those not in this doc, reference the “Schema” on the right-hand side as referenced above.

Query an Airflow Deployment

The workspaceDeployments query requires the following inputs:

workspaceUuid
releaseName

and can return any of the fields under Type Details:

config
uuid
status
createdAt
updatedAt
roleBindings
etc.

For instance, you can run the following:

1 query workspaceDeployments {
2   workspaceDeployments(
3     releaseName: "mathematical-probe-2087"
4     workspaceUuid: "ck35y9uf44y8l0a19cmwd1x8x"
5   )
6   {
7     config
8     uuid
9     status
10     createdAt
11     updatedAt
12     workspace {users {emails {address, createdAt} }}
13   }
14 }

To view results, press the “Play” button in middle of the page and see them render on the right side of the page.

Query

Query a user

To query for information about a user on the platform (e.g. “When was this user created?” “Does this user exist?” “What roles do they have on any Workspace?”), run a variation of the following:

1 query User {
2   users(user: { email: "<name@example.com>"} )
3   {
4     id
5     roleBindings {role}
6     status
7     createdAt
8   }
9 }

In the output, you should see:

The user’s id
A list of existing roles across the cluster (e.g. Workspace Admin)
The status of the user (active, pending)
A timestamp that reflects when the user was created

Sample mutations

Mutations make a change to your platform’s underlying database. For some common examples, read below.

Create a Deployment

To create a Deployment, you’ll need:

Workspace Admin permissions
Your Workspace ID

Then, to create a Deployment, run the following:

1 mutation CreateDeployment {
2   createDeployment(
3     workspaceUuid: "<workspace-id>",
4     type: "airflow",
5     label: "<deployment-name>",
6     config: {executor:"<airflow-executor>"},
7 
8     )
9     {
10       id
11       config
12       releaseName
13       workspace{label}
14       roleBindings{id}
15     }
16 }

Here, <airflow-executor> can be LocalExecutor, CeleryExecutor, or KubernetesExecutor.

Create or update a Deployment with configurations

The upsertDeployment mutation is behind a feature flag. To enable this feature, set the following configuration in your values.yaml file:

1 astronomer:
2   houston:
3     config:
4       deployments:
5         upsertDeploymentEnabled: true

Then push the configuration change to your cluster. See Apply a config change.

The upsertDeployment mutation can be used to both create and update Deployments with all possible Deployment configurations. If you query upsertDeployment without a deploymentUuid, the Houston API creates a new Deployment according to your specifications. If you specify an existing deploymentUuid, the Houston API updates the Deployment with that ID. All queries to create a Deployment require specifying a workspaceUuid.

When you make upsert updates to your Airflow Deployments, you must explicitly specify all existing environment variables, otherwise, the upsert overwrites them.

The following query creates a new Deployment in a custom namespace test-new-dep and configures a Deployment environment variable AIRFLOW__CORE__COLORED_LOG_FORMAT.

1 mutation upsertDeployment(
2   $workspaceUuid: Uuid,
3   $deploymentUuid: Uuid,
4   $label: String,
5   $description: String,
6   $releaseName: String,
7   $namespace: String,
8   $environmentVariables: [InputEnvironmentVariable],
9   $image: String,
10   $dockerconfigjson: JSON,
11   $version: String,
12   $airflowVersion: String,
13   $runtimeVersion: String,
14   $desiredRuntimeVersion: String,
15   $executor: ExecutorType,
16   $workers: Workers,
17   $webserver: Webserver,
18   $scheduler: Scheduler,
19   $triggerer: Triggerer,
20   $dagDeployment: DagDeployment,
21   $properties: JSON,
22   $cloudRole: String
23 ) {
24   upsertDeployment(
25     workspaceUuid: $workspaceUuid,
26     deploymentUuid: $deploymentUuid,
27     label: $label,
28     description: $description,
29     releaseName: $releaseName,
30     namespace: $namespace,
31     environmentVariables: $environmentVariables,
32     image: $image,
33     dockerconfigjson: $dockerconfigjson,
34     version: $version,
35     airflowVersion: $airflowVersion,
36     runtimeVersion: $runtimeVersion,
37     desiredRuntimeVersion: $desiredRuntimeVersion,
38     executor: $executor,
39     workers: $workers,
40     webserver: $webserver,
41     scheduler: $scheduler,
42     triggerer: $triggerer,
43     dagDeployment: $dagDeployment,
44     properties: $properties,
45     cloudRole: $cloudRole
46 ) {
47     id
48     config
49     urls {
50       type
51       url
52       __typename
53     }
54     properties
55     description
56     label
57     releaseName
58     namespace
59     status
60     type
61     version
62     workspace {
63       id
64       label
65       __typename
66     }
67     airflowVersion
68     runtimeVersion
69     desiredAirflowVersion
70     upsertedEnvironmentVariables {
71       key
72       value
73       isSecret
74       __typename
75     }
76     dagDeployment {
77       type
78       nfsLocation
79       repositoryUrl
80       branchName
81       syncInterval
82       syncTimeout
83       ephemeralStorage
84       dagDirectoryLocation
85       rev
86       sshKey
87       knownHosts
88       __typename
89     }
90     createdAt
91     updatedAt
92     __typename
93   }
94 }
95 {
96   "workspaceUuid": "cldemxl9502454yxe6vjlxy23",
97 	"environmentVariables": [
98     {
99       "key": "AIRFLOW__CORE__COLORED_LOG_FORMAT",
100       "value": "test",
101       "isSecret": false
102     }
103   ],
104   "releaseName": "",
105   "namespace": "test-new-dep",
106   "executor": "CeleryExecutor",
107   "workers": {},
108   "webserver": {},
109   "scheduler": {
110     "replicas": 1
111   },
112   "label": "test-new-dep",
113   "description": "",
114   "runtimeVersion": "7.2.0",
115   "properties": {
116     "extra_au": 0
117   },
118   "dagDeployment": {
119     "type": "image",
120     "nfsLocation": "",
121     "repositoryUrl": "",
122     "branchName": "",
123     "syncInterval": 1,
124     "syncTimeout": 120,
125     "ephemeralStorage": 2,
126     "dagDirectoryLocation": "",
127     "rev": "",
128     "sshKey": "",
129     "knownHosts": ""
130   }
131 }

Delete a Deployment

To delete a Deployment, you’ll need:

Permission (SysAdmin or Workspace Admin)
A Deployment ID

For more information about the SysAdmin role, reference our “User Management” doc.

If you don’t have a Deployment ID, run astro deployment list in the Astro CLI or follow the steps in “Query an Airflow Deployment”.

Then, to delete a Deployment, run the following:

1 mutation DeleteDeployment {
2   deleteDeployment (
3     deploymentUuid: "<deployment-id>"
4   ) {
5     uuid
6   }
7 }

Create a Deployment user

To create a Deployment user, you’ll need:

Workspace Admin privileges
A Deployment ID

If you don’t have a Deployment ID, run astro deployment list in the Astro CLI or follow the steps in “Query an Airflow Deployment”.

First, add the following to your GraphQL playground:

1 mutation AddDeploymentUser(
2 		$userId: Id
3 		$email: String!
4 		$deploymentId: Id!
5 		$role: Role!
6 	) {
7 		deploymentAddUserRole(
8 			userId: $userId
9 			email: $email
10 			deploymentId: $deploymentId
11 			role: $role
12 		) {
13 			id
14 			user {
15 				username
16 			}
17 			role
18 			deployment {
19 				id
20 				releaseName
21 			}
22 		}
23 	}

Then, in the Query Variables tab, add the following:

1 {
2   "role": "<user-role>",
3   "deploymentId": "<deploymentId>",
4   "email": "<email-address>"
5 }

Here, <user-role> can be DEPLOYMENT_ADMIN, DEPLOYMENT_EDITOR, or DEPLOYMENT_VIEWER.

After you specify these variables, run the mutation.

Delete a user

To delete a user, you’ll need:

SysAdmin permissions
userUuid

With a userUuid, run the following:

1 mutation removeUser {
2 	removeUser (
3     userUuid: "<USERUUID>"
4   ) {
5     uuid
6     emails {address}
7     status
8   }
9 }

Verify user email

If a user on the platform has trouble verifying their email address upon signup, you can use the Playground to manually verify it.

To run this mutation, you’ll need:

SysAdmin Permissions
User’s email address

With the email address in question, run the following:

1 mutation verifyEmail {
2 	verifyEmail (
3     email: "<USERUUID>"
4   )
5 }

To run this mutation, ensure that the user in question has already begun creating an account on the platform (i.e. the user has signed up and the platform has generated an “invite token” for that user).

Bypass user email verification

If you don’t need certain users to verify their email before joining a Workspace, you can configure a bypass when adding them to a Workspace. This can be useful for minimizing friction when programmatically inviting many users to your platform.

To run this mutation, you’ll need:

Workspace Admin permissions
A Workspace ID
The user’s email address
The user’s Workspace role

1 mutation workspaceAddUser(
2     $workspaceUuid: Uuid = "<your-workspace-uuid>"
3     $email: String! = "<user-email-address>"
4     $role: Role! = <user-workspace-role>
5     $bypassInvite: Boolean! = true
6   ) {
7     workspaceAddUser(
8       workspaceUuid: $workspaceUuid
9       email: $email
10       role: $role
11       deploymentRoles: $deploymentRoles
12       bypassInvite: $bypassInvite
13     ) {
14       id
15     }
16   }

Add a System Admin (Software only)

System Admins can be added either via the Software UI (‘System Admin’ > ‘User’ > ‘User Details’) or via an API call to Houston. To run the mutation in the GraphQL Playground, you’ll need:

userUuid
role (SYSTEM_ADMIN)

Keep in mind that only existing System Admins can grant the SysAdmin role to another user and that the user in question must already have a verified email address and already exist in the system.

With the uuid you pulled above, call the createSystemRoleBinding mutation by running:

1 mutation AddAdmin {
2   createSystemRoleBinding(
3     userId: "<uuid>"
4     role: SYSTEM_ADMIN
5   ) {
6     id
7   }
8 }

If you’re assigning a user a different System-Level Role, replace SYSTEM_ADMIN with either SYSTEM_VIEWER or SYSTEM_EDITOR in the mutation above.

Create a service account

You can create Deployment and Workspace-level accounts in the Software UI as described in Deploy to Astronomer via CI/CD. Alternatively, you can create platform-level service accounts programmatically via the Houston API. To create a service account via the Houston API, run the following in your GraphQL Playground:

1 mutation CreateSystemServiceAccount {
2   createSystemServiceAccount(label: "<label>", role: SYSTEM_ADMIN) {
3      apiKey
4      id
5   }
6 }

Update environment variables

To programmatically update environment variables, you’ll need:

A Deployment ID
A Deployment release name

If you don’t have a Deployment ID, run astro deployment list in the Astro CLI or follow the steps in “Query an Airflow Deployment”.

Then, in your GraphQL Playground, run the following:

1 mutation UpdateDeploymentVariables {
2   updateDeploymentVariables(
3     deploymentUuid: "<deployment-id>",
4   	releaseName: "<deployment-release-name>",
5     environmentVariables: [
6       {key: "<environment-variable-1>",
7       value: "<environment-variable-value-1>",
8       isSecret: <true-or-false>},
9       {key: "<environment-variable-2>",
10       value: "<environment-variable-value-2>",
11       isSecret: <true-or-false>}
12     ]
13   ) {
14     key
15     value
16     isSecret
17   }
18 }

Custom types

Any object in the Schema that maps to a custom GraphQL Type often requires additional subfields to be added to the query or mutation return object.

Below, we describe this concept in the context of a sample mutation.

Add a user to a Workspace

For example, take the “Add a user to a Workspace” mutation.

As input, you need:

A Workspace ID
Email address of the user
The designated role for the user (for example,. Workspace “Admin”, “Editor” or “Viewer”)

If you don’t already have a Workspace ID, run astro workspace list in the Astro CLI.

With that information, run the following:

1 mutation WorkspaceAddUser {
2 	workspaceAddUser (
3     workspaceUuid: "<workspace-id>"
4     email: "<email@example.com>"
5     role: WORKSPACE_ADMIN
6   ) {
7     users {emails {address} }
8     label
9     createdAt
10   }
11 }

In the above example, you should see the following return:

The email addresses of all users in the Workspace
The Workspace label
The date on which the Workspace was created

Unlike the label and createdAt fields, notice that the users type field requires you to specify additional subfields, i.e. emails and then addresses.

To know which fields you can or must specify, reference the “Schema” on the righthand side of the page. As is the case here, custom types are often composed of other custom types.

Custom Type

Delete a Workspace

To delete a Workspace, you’ll need the ID of the Workspace you want to delete. You can find this by running astro workspace list.

Using the Workspace ID, run the following query to delete the Workspace:

1 mutation deleteWorkspace(
2     $workspaceUuid: Uuid = "<workspace-id>"
3   ) {
4     deleteWorkspace(
5       workspaceUuid: $workspaceUuid
6     ) {
7         id
8     }
9   }