Connect external tools
Generate an API key and point DuckDB, Spark, Trino, or PyIceberg at your data lake
Mesh Storage exposes your data lake as an Iceberg REST Catalog. Any client that speaks Iceberg REST can query it directly — no copy step, no exports, no separate database.
This is how you connect notebooks, BI dashboards, CI pipelines, and external compute to your Alloy data.
Generate an API key
From the Mesh Storage action bar, click Connect.
In the modal:
- Enter a name describing where the key will be used — e.g.
Jupyter notebook,CI pipeline,local dev. This makes keys easier to audit and revoke later. - Click Create API Key.
- Copy the key from the green box.
Copy this key now — it won't be shown again. If you lose it, generate a new one.
Get the catalog endpoint
The Connect modal also shows the Iceberg REST catalog gateway URL. Copy it — you'll point your client at this URL.
The endpoint serves the standard Iceberg REST API. It works with any compatible client.
Compatible clients
| Client | Connection notes |
|---|---|
| DuckDB | Use the Iceberg extension — ATTACH '<endpoint>' AS alloy (TYPE iceberg, ...) |
| Apache Spark | Configure the Iceberg REST catalog — point spark.sql.catalog.<name>.uri at the endpoint |
| Trino | Use the Iceberg connector with iceberg.catalog.type=rest |
| PyIceberg | pyiceberg.catalog.load_catalog(name, type="rest", uri=...) |
| Any Iceberg REST client | Most clients support OAuth-style bearer tokens — pass your API key as the Authorization: Bearer <key> header |
Quick test (DuckDB)
# install duckdb + iceberg extension
duckdbINSTALL iceberg;
LOAD iceberg;
ATTACH 'https://<your-gateway-url>' AS alloy (
TYPE iceberg,
TOKEN '<your-api-key>'
);
SHOW ALL TABLES;
SELECT count(*) FROM alloy.uploads.<some_table>;Connect via MCP (for AI agents)
If you're connecting an AI agent or assistant to your data lake, use the Alloy MCP server instead of a raw API key. See MCP →.
Revoking a key
Open the Connect modal and find the key in the list. Click Revoke — the key stops working immediately. Any clients still using it will start receiving auth errors on their next request.