Access CSV of a query result without publicly sharing

Hi all,

I discovered yesterday how easy it is to access an up-to-date CSV of a metabase query when publicly sharing the question, which I for example import into a Google spreadsheet (=IMPORTDATA(", without having to manually export the CSV.

Is there any way to do this without publicly sharing the question, e.g. allowing only users being logged in Metabase to retrieve the CSV?

(using Metabase 30.4, Chromium on Linux OS)


You can download it from the question.

Thanks Andrew. I know about that, but that’s exactly what I don’t want to do, because it would require me to re-download the CSV every time I want to get up-to-date data.
Instead I want to use a link to the CSV results that is regenerated automatically and not stored locally.

1 Like

I see. If you set it to email, you’ll also receive the csv as an attachment,

That will still require me to manually download the attached CSV.
In this precise case I would use this to group several Metabase results into one spreadsheet (there for sure are better tools than spreadsheets to do that, but that’s a different question!), so I can’t afford to download CSVs from multiple sources or emails every time I want to update the data in the spreadsheet.
The public sharing of CSV files beautifully allows this, is there really no way to access the CSV through a http link while being logged in on Metabase?

1 Like

I think you need to use the API:

This needs to be a GET request to url to work in google sheets. Is there a GET url (not public) for metabase which will return the csv results of a question?

Hi @key88sf
No, if you’re not using public sharing, then you would need to POST requests to the API.
You can do POST in Sheets via App Scripts:
There are many security issues with that, since you need to store your user/pass in the script.

1 Like

We would be using GAuth, so no user/pass would be needed.

@flamber Do u have an example or docs on how to use user/pass with the API requests? Apparently GSheets doesn’t make the request from the client browser, so auth actually is needed even in the case of using Google SSO.

Just to reference your issue:
As noted in issue 9978 about password protection of publicly sharing, there’s an example of how to do protection that way.
If you want to wrap your own code to the API, then have a look at the documentation: