Starting February 5, 2026, Data Lake Formation (DLF) supports public network access via Paimon REST. This feature is currently in public preview.
Prerequisites
Before you begin, ensure that your client version and server-side configuration meet the following requirements.
1. Client version requirements
Use one of the following Paimon client versions:
Paimon Java 1.4-SNAPSHOT (built on or after January 30, 2026).
PyPaimon (built on or after February 10, 2026).
Paimon Java/Python 1.4 or later (upcoming release).
2. Enable public network access
For security reasons, public network access to DLF is disabled by default. A DLF administrator must manually enable it:
Log on to the DLF console, and navigate to Catalogs.
Click the target catalog and select the Catalog Configuration tab.
In the Advanced Settings section, set
enable.openapitotrue.
Public preview details and limitations
SLA: No SLA is provided during public preview. Core service functionality remains fully available.
Performance: Public network access performance depends on Internet connectivity. Throughput (QPS) is lower and response latency is higher than with VPC internal access. This access method is not suitable for large-scale, high-concurrency production workloads.
Billing
This feature is free during the public preview. Pricing for this feature after the public preview period will be announced separately.
Examples
The following code examples demonstrate how to connect to DLF over the public network.
Core code
Java
Options options = new Options();
// Configure the DLF public endpoint
options.set("uri", "https://dlfnext.cn-hangzhou.aliyuncs.com");
options.set("warehouse", "paimon_test");
options.set("dlf.region", "cn-hangzhou");
options.set("dlf.access-key-id", "YourAccessKeyId");
options.set("dlf.access-key-secret", "YourAccessKeySecret");
// You must configure the OSS public endpoint
options.set("dlf.oss-endpoint", "oss-cn-hangzhou.aliyuncs.com");
options.set("token.provider", "dlf");
Catalog restCatalog = new RESTCatalog(CatalogContext.create(options));Configuration item | Description | Example |
uri | DLF OpenAPI public endpoint. For more information, see Endpoint. | ap-southeast-1-vpc.dlf.aliyuncs.com |
warehouse | Name of the DLF data catalog. | paimon_test |
dlf.region | Region ID where the DLF service is deployed. | ap-southeast-1 |
dlf.access-key-id | AccessKey ID of your Alibaba Cloud account or RAM user. | - |
dlf.access-key-secret | AccessKey secret of your Alibaba Cloud account or RAM user. | - |
dlf.oss-endpoint | OSS public endpoint. For more information, see Regions and endpoints. | oss-ap-southeast-1.aliyuncs.com |
token.provider | Authentication provider. Set this to | dlf |
Python
from pypaimon import CatalogFactory
options = {
# Python clients must specify the metastore type as rest
'metastore': 'rest',
'uri': 'https://dlfnext.cn-hangzhou.aliyuncs.com',
'warehouse': 'paimon_test',
'dlf.region': 'cn-hangzhou',
'dlf.access-key-id': 'YourAccessKeyId',
'dlf.access-key-secret': 'YourAccessKeySecret',
# Configure this if you use STS temporary credentials
'dlf.security-token': 'YourSecurityToken',
'dlf.oss-endpoint': 'oss-cn-hangzhou.aliyuncs.com',
'token.provider': 'dlf',
}
rest_catalog = CatalogFactory.create(options)Configuration Item | Description | Example Value |
metastore | Metastore type. Set this to the static value | rest |
uri | DLF OpenAPI public endpoint. For more information, see Service Endpoint. | https://dlfnext.cn-hangzhou.aliyuncs.com |
warehouse | Name of the DLF data catalog. | paimon_test |
dlf.region | Region ID where the DLF service is deployed. | cn-hangzhou |
dlf.access-key-id | AccessKey ID of your Alibaba Cloud account or RAM user. | - |
dlf.access-key-secret | AccessKey secret of your Alibaba Cloud account or RAM user. | - |
dlf.security-token | STS security token. Omit this if you use long-term AccessKeys. | - |
dlf.oss-endpoint | OSS public endpoint. For more information, see Regions and Endpoints. | oss-cn-hangzhou.aliyuncs.com |
token.provider | Authentication provider. Set this to | dlf |