Arrow Flight SQL

Beta

Arrow Flight SQL support is in the beta phase of development and may not be available on your enrollment. Functionality may change during active development. Contact Palantir Support to request enabling Arrow Flight SQL.

Arrow Flight SQL is a protocol for interacting with SQL servers. Arrow Flight SQL uses the Apache Arrow in-memory format and Flight RPC protocol for efficient and portable data transfer.

Foundry implements the Arrow Flight SQL protocol, meaning that any Flight SQL client can connect to Foundry, enabling many third-party connections without the need for custom configuration.

JDBC Driver

Arrow Flight SQL offers a JDBC driver that can be used with any JDBC-based client application, such as DBeaver, DataGrip, or others. Follow the instructions below to set up and use the JDBC driver in Foundry.

Timestamp display

As of version 19.0.0, the Flight SQL JDBC driver can display incorrect timestamp values when the client application's local timezone is not UTC. Depending on how the application reads timestamps, the timezone offset may be applied in the wrong direction. The displayed time can be wrong by twice the local UTC offset — for example, a client in UTC+1 may show timestamps two hours behind the correct value. If your client application supports configuring its timezone, we recommend setting it to UTC.

Part 1: Install the JDBC driver

Download the JDBC driver (.jar file). Once downloaded, place the file into the appropriate location as specified in the client application's documentation for configuring JDBC connections.

Part 2: Configure the JDBC connection

The JDBC connection string format is:

jdbc:arrow-flight-sql://<FOUNDRY_HOSTNAME>:443
  • FOUNDRY_HOSTNAME is the hostname of your Foundry environment (such as subdomain.palantirfoundry.com).

If the JDBC client requires the driver class to be specified explicitly, specify org.apache.arrow.driver.jdbc.ArrowFlightJdbcDriver.

Authenticate with a token

Authenticate using a security token generated from the Settings page in Foundry. See the user-generated tokens documentation for instructions on how to obtain a token.

If the client application provides username and password fields, set the username to token and the password to your user-generated token. This is the recommended way to provide the token.

If the client application does not provide separate credential fields, include the token directly in the connection string instead:

jdbc:arrow-flight-sql://<FOUNDRY_HOSTNAME>:443/?token=<TOKEN>

Authenticate with OAuth 2.0 client credentials

For service-to-service connections, you can authenticate using the OAuth 2.0 client credentials flow with a registered third-party application instead of a user-generated token. The third-party application must be registered as a confidential client configured with a client secret. Public clients are not supported.

Set the following connection properties on the JDBC driver:

| Property | Value |
| --- | --- |
| oauth.flow | client_credentials |
| oauth.tokenUri | https://<FOUNDRY_HOSTNAME>/multipass/api/oauth2/token |
| oauth.clientId | The client ID of your registered third-party application. |
| oauth.clientSecret | The client secret of your registered third-party application. |
| oauth.scope | foundry-sql-server:query |

The client application must be granted the relevant SQL operations on the resources it queries. See SQL permissions for details.

For the full set of OAuth options supported by the driver, see the Flight SQL JDBC driver OAuth documentation.

(Optional) Part 3: Execute a SQL query

If supported by the client application, test a SQL query that returns rows from a Foundry dataset:

SELECT * FROM `/Path/To/Dataset` LIMIT 10

The client application may instead allow you to browse projects and select datasets to access data.

For the full set of JDBC connection parameters, see the Flight SQL documentation.
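
The token and OAuth client credentials options described above, combined in a standalone Java program that keeps every credential out of the connection string. This is an added example, not code from the Foundry documentation or the Arrow project; the class name, the environment variable names, and passing the oauth.* options through java.util.Properties are assumptions, and the driver .jar must be on the classpath.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Properties;
import java.util.TimeZone;

public class FoundryFlightSqlExample {
    // Environment variable names are assumptions made for this example.
    static String requireEnv(String name) {
        String value = System.getenv(name);
        if (value == null || value.isBlank()) {
            throw new IllegalStateException("Missing environment variable " + name);
        }
        return value;
    }

    static Properties authProperties(String host) {
        Properties props = new Properties();
        if (System.getenv("FOUNDRY_TOKEN") != null) {
            // User-generated token: username "token", token as the password.
            props.setProperty("user", "token");
            props.setProperty("password", requireEnv("FOUNDRY_TOKEN"));
        } else {
            // OAuth 2.0 client credentials, using the property names from the OAuth section.
            props.setProperty("oauth.flow", "client_credentials");
            props.setProperty("oauth.tokenUri", "https://" + host + "/multipass/api/oauth2/token");
            props.setProperty("oauth.clientId", requireEnv("FOUNDRY_CLIENT_ID"));
            props.setProperty("oauth.clientSecret", requireEnv("FOUNDRY_CLIENT_SECRET"));
            props.setProperty("oauth.scope", "foundry-sql-server:query");
        }
        return props;
    }

    public static void main(String[] args) throws SQLException {
        // Run the JVM in UTC, following the timestamp display recommendation.
        TimeZone.setDefault(TimeZone.getTimeZone("UTC"));
        String host = requireEnv("FOUNDRY_HOSTNAME");
        // The URL carries no credential, so it can be logged or saved in configuration.
        String url = "jdbc:arrow-flight-sql://" + host + ":443";
        try (Connection conn = DriverManager.getConnection(url, authProperties(host));
             Statement stmt = conn.createStatement();
             ResultSet rs = stmt.executeQuery("SELECT * FROM `/Path/To/Dataset` LIMIT 10")) {
            while (rs.next()) {
                System.out.println(rs.getObject(1)); // first column of each returned row
            }
        }
    }
}
```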

Roles and permissions

Access to SQL queries via Arrow Flight SQL is governed by SQL permissions. See SQL permissions for more details.