External connections

This recipe demonstrates how to use Unity Catalog-managed external HTTP connections for secure and governed access to MCP and non-MCP servers, for example, to GitHub, or Jira, and Slack.

Code snippets

OAuth User to Machine Per User (On-behalf-of-user)

app.py
import streamlit as st
from databricks.sdk import WorkspaceClient
from databricks.sdk.service.serving import ExternalFunctionRequestHttpMethod

token = st.context.headers.get("x-forwarded-access-token")
w = WorkspaceClient(token=token, auth_type="pat")

response = w.serving_endpoints.http_request(
    conn="github_u2m",
    method=ExternalFunctionRequestHttpMethod.GET,
    path="/user",
    headers={"Accept": "application/vnd.github+json"},
)

st.json(response.json())

Bearer token

app.py
import streamlit as st
from databricks.sdk import WorkspaceClient
from databricks.sdk.service.serving import ExternalFunctionRequestHttpMethod

w = WorkspaceClient()

response = w.serving_endpoints.http_request(
    conn="github_connection",
    method=ExternalFunctionRequestHttpMethod.GET,
    path="/traffic/views",
    headers={"Accept": "application/vnd.github+json"},
)

st.json(response.json())

Resources

Unity Catalog HTTP Connection, either MCP or non-MCP

Permissions

Your app service principal needs the following permissions:

USE CONNECTION permission on the HTTP Connection

When using OAuth User to Machine Per User (On-behalf-of-user), you need to configure User authorization by adding the Unity Catalog connection or other scopes.

Dependencies

Databricks SDK for Python - databricks-sdk
Streamlit - streamlit

requirements.txt
databricks-sdk
streamlit

Code snippets​

OAuth User to Machine Per User (On-behalf-of-user)​

Bearer token​

Resources​

Permissions​

Dependencies​