mirror of
https://github.com/simonw/datasette.git
synced 2026-06-01 22:56:58 +02:00
Simon Willison
parent
11bddc8919
commit
0c5053cdf6
1 changed files with 62 additions and 0 deletions
|
|
@ -505,6 +505,68 @@ The JSON write API
|
|||
|
||||
Datasette provides a write API for JSON data. This is a POST-only API that requires an authenticated API token, see :ref:`CreateTokenView`. The token will need to have the specified :ref:`authentication_permissions`.
|
||||
|
||||
.. _ExecuteWriteView:
|
||||
|
||||
Executing write SQL
|
||||
~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
Actors with the :ref:`actions_execute_write_sql` permission can execute arbitrary writable SQL against a mutable database using ``/-/execute-write``.
|
||||
|
||||
::
|
||||
|
||||
POST /<database>/-/execute-write
|
||||
Content-Type: application/json
|
||||
Authorization: Bearer dstok_<rest-of-token>
|
||||
|
||||
The request body must include a ``"sql"`` string. Named SQL parameters can be provided using the optional ``"params"`` object:
|
||||
|
||||
.. code-block:: json
|
||||
|
||||
{
|
||||
"sql": "insert into dogs (name) values (:name)",
|
||||
"params": {
|
||||
"name": "Cleo"
|
||||
}
|
||||
}
|
||||
|
||||
The SQL must be writable. Read-only ``select`` queries should use the regular :ref:`custom SQL query API <sql>` instead.
|
||||
|
||||
Datasette analyzes the SQL before executing it. The actor must have ``execute-write-sql`` permission for the database, and must also have any permissions required by the operations in the SQL. For example, inserts and updates against a table require ``insert-row``, ``update-row`` and ``delete-row`` permissions for that table. Reads performed as part of the write, such as ``insert into dogs select ... from other_table``, require ``view-table`` permission on the source table.
|
||||
|
||||
A successful response includes a message, the SQLite ``rowcount`` and a summary of the operations that were executed:
|
||||
|
||||
The shape of the ``"analysis"`` block is not yet considered a stable API and may change in future Datasette releases.
|
||||
|
||||
.. code-block:: json
|
||||
|
||||
{
|
||||
"ok": true,
|
||||
"message": "Query executed, 1 row affected",
|
||||
"rowcount": 1,
|
||||
"analysis": [
|
||||
{
|
||||
"operation": "insert",
|
||||
"database": "data",
|
||||
"table": "dogs",
|
||||
"required_permission": "insert-row, update-row, delete-row",
|
||||
"source": null
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
If SQLite reports ``-1`` for the row count, the message will be ``"Query executed"``.
|
||||
|
||||
Errors use the standard Datasette error format:
|
||||
|
||||
.. code-block:: json
|
||||
|
||||
{
|
||||
"ok": false,
|
||||
"errors": [
|
||||
"Permission denied: need execute-write-sql"
|
||||
]
|
||||
}
|
||||
|
||||
.. _TableInsertView:
|
||||
|
||||
Inserting rows
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue