This connector uses Arrow as the data-exchange format, and supports APIs (e.g.`fetchmany_arrow`) to directly fetch Arrow tables. Arrow tables are wrapped in the`ArrowQueue` class to provide a natural API to get several rows at a time.[PyArrow](https://arrow.apache.org/docs/python/index.html) is required to enable this and use these APIs, you can install it via`pip install pyarrow` or`pip install databricks-sql-connector[pyarrow]`.

The connector includes built-in support for HTTP/HTTPS proxy servers with multiple authentication methods including basic authentication and Kerberos/Negotiate authentication. See`docs/proxy.md` and`examples/proxy_authentication.py` for details.

You are welcome to file an issue here for general use cases. You can also contact Databricks Support[here](help.databricks.com).

The Databricks SQL Connector supports connecting through HTTP and HTTPS proxy servers with various authentication methods. This feature automatically detects system proxy configuration and handles proxy authentication transparently.

The connector automatically uses your system's proxy configuration when available:

from databricksimport sql

with sql.connect(

server_hostname="your-workspace.cloud.databricks.com",

http_path="/sql/1.0/endpoints/your-endpoint-id",

)as connection:

For advanced proxy authentication (like Kerberos), specify the authentication method:

with sql.connect(

server_hostname="your-workspace.cloud.databricks.com",

http_path="/sql/1.0/endpoints/your-endpoint-id",

access_token="your-token",

)as connection:

The connector follows standard proxy environment variable conventions:

| Variable| Description| Example|

|----------|-------------|---------|

|`HTTP_PROXY`| Proxy for HTTP requests|`http://proxy.company.com:8080`|

|`HTTPS_PROXY`| Proxy for HTTPS requests|`https://proxy.company.com:8080`|

|`NO_PROXY`| Hosts to bypass proxy|`localhost,127.0.0.1,.company.com`|

**Note**: The connector also recognizes lowercase versions (`http_proxy`,`https_proxy`,`no_proxy`).

Basic proxy (no authentication):

export HTTPS_PROXY="http://proxy.company.com:8080"

Proxy with basic authentication:

export HTTPS_PROXY="http://username:password@proxy.company.com:8080"

The connector supports multiple proxy authentication methods via the`_proxy_auth_method` parameter:

**Default behavior** when credentials are provided in the proxy URL or when`_proxy_auth_method="basic"` is specified.

with sql.connect(

server_hostname="your-workspace.com",

http_path="/sql/1.0/endpoints/abc123",

)as conn:

with sql.connect(

server_hostname="your-workspace.com",

http_path="/sql/1.0/endpoints/abc123",

access_token="your-token",

)as conn:

For corporate environments using Kerberos authentication with proxy servers.

**Prerequisites:**

- Valid Kerberos tickets (run`kinit` first)

- Properly configured Kerberos environment

with sql.connect(

server_hostname="your-workspace.com",

http_path="/sql/1.0/endpoints/abc123",

access_token="your-token",

)as conn:

**Kerberos Setup Example:**

kinit your-username@YOUR-DOMAIN.COM

export HTTPS_PROXY="http://proxy.company.com:8080"

python your_script.py

The connector respects system proxy bypass rules. Requests to hosts listed in`NO_PROXY` or system bypass lists will connect directly, bypassing the proxy.

export NO_PROXY="localhost,127.0.0.1,*.internal.company.com,10.*"

The connector automatically makes per-request decisions about proxy usage based on:

1.**System proxy configuration** - Detected from environment variables

2.**Proxy bypass rules** - Honor`NO_PROXY` and system bypass settings

3.**Target host** - Check if the specific host should use proxy

The connector maintains separate connection pools for direct and proxy connections, allowing efficient handling of mixed proxy/direct traffic.

HTTPS connections through HTTP proxies use the CONNECT method for SSL tunneling. The connector handles this automatically while preserving all SSL verification settings.

**Problem**: Connection fails with proxy-related errors

**Problem**: Kerberos authentication fails

**Problem**: Some requests bypass proxy unexpectedly

Enable detailed logging to troubleshoot proxy issues:

import logging

logging.basicConfig(level=logging.DEBUG)

logging.getLogger("databricks.sql").setLevel(logging.DEBUG)

logging.getLogger("urllib3").setLevel(logging.DEBUG)

Use the provided example script to test different proxy authentication methods:

cd examples/

python proxy_authentication.py

This script tests:

- Default proxy behavior

- Basic authentication

- Kerberos/Negotiate authentication

See`examples/proxy_authentication.py` for a comprehensive demonstration of proxy authentication methods.

1.**Environment Variables**: Check`HTTP_PROXY`/`HTTPS_PROXY` environment variables

2.**System Configuration**: Use Python's`urllib.request.getproxies()` to detect system settings

3.**Bypass Rules**: Honor`NO_PROXY` and`urllib.request.proxy_bypass()` rules

4.**Per-Request Logic**: Decide proxy usage for each request based on target host

-**HTTP Proxies**: For both HTTP and HTTPS traffic (via CONNECT)

-**HTTPS Proxies**: Encrypted proxy connections

-**Authentication**: Basic, Negotiate/Kerberos

-**Bypass Rules**: Full support for NO_PROXY patterns

The connector uses a unified HTTP client that maintains:

-**Direct Pool Manager**: For non-proxy connections

-**Proxy Pool Manager**: For proxy connections

-**Per-Request Routing**: Automatic selection based on target host

This architecture ensures optimal performance and correct proxy handling across all connector operations.

-**`custom_cred_provider.py`** shows how to pass a custom credential provider to bypass connector authentication. Please install databricks-sdk prior to running this example.

-**`v3_retries_query_execute.py`** shows how to enable v3 retries in connector version 2.9.x including how to enable retries for non-default retry cases.

-**`parameters.py`** shows how to use parameters in native and inline modes.

-**`proxy_authentication.py`** demonstrates how to connect through proxy servers using different authentication methods including basic authentication and Kerberos/Negotiate authentication.