Add generic REST API passthrough handler

[ZoranPandovski]

Description

This PR adds a new rest_api handler that enables passthrough for any bearer-token API using just a base_url and bearer_token. No SQL tables needed for APIs mindsdb doesn't have a named handler for.

Fixes #issue_number

Type of change

(Please delete options that are not relevant)

• 🐛 Bug fix (non-breaking change which fixes an issue)
• ⚡ New feature (non-breaking change which adds functionality)
• 📢 Breaking change (fix or feature that would cause existing functionality not to work as expected)
• 📄 This change requires a documentation update

Checklist:

• My code follows the style guidelines(PEP 8) of MindsDB.
• I have appropriately commented on my code, especially in complex areas.
• Necessary documentation updates are either made or tracked in issues.
• Relevant unit and integration tests are updated or added.

[entelligence-ai-pr-reviews]

EntelligenceAI PR Summary

Introduces a new rest_api_handler integration providing passthrough-only access to bearer-token authenticated REST APIs, with no SQL table support.

• rest_api_handler.py: Core handler class with connect() and check_connection() (validates base_url and bearer_token); native_query, get_tables, and get_columns explicitly reject SQL operations and redirect to /passthrough
• connection_args.py: Defines base_url (required), bearer_token (required, secret PWD type), default_headers, allowed_hosts, and test_path (all optional)
• __init__.py / __about__.py: Handler registration as DATA type, version 0.0.1, MIT license metadata
• README.md: Covers CREATE DATABASE syntax, passthrough endpoint (/api/integrations/{name}/passthrough), security controls (host containment, header filtering, response scrubbing, size limits), and troubleshooting
• icon.svg: Visual icon asset for the integration
• tests/unit/handlers/test_rest_api.py: Four test classes validating protocol compliance, credential validation, request construction, and graceful network error handling

---

Confidence Score: 4/5 - Mostly Safe

Likely safe but review recommended — the rest_api_handler integration introduces a clean passthrough-only pattern with explicit rejection of SQL operations in native_query, get_tables, and get_columns, which is a sound design choice for a bearer-token REST proxy. The implementation appears coherent with connection_args.py correctly marking bearer_token as a secret PWD type. However, only 4 of 7 changed files were reviewed, meaning portions of the implementation have not been assessed, and without comments on edge cases like malformed base_url inputs or token expiry handling in check_connection(), some robustness questions remain open.

Key Findings:

• bearer_token is correctly typed as a secret PWD type in connection_args.py, which is the right approach for credential handling in MindsDB integrations and avoids accidental credential exposure in logs or serialization.
• check_connection() validates both base_url and bearer_token presence, but the review did not cover whether it performs any actual HTTP reachability check or merely validates that config values are non-empty — a purely structural check could give false confidence on misconfigured endpoints.
• Three of the seven changed files were not reviewed by automated analysis, leaving potential edge cases in untested paths — particularly around how the passthrough handler surfaces HTTP errors from the upstream REST API back to the MindsDB caller.
• The explicit redirect to /passthrough in native_query, get_tables, and get_columns is a clean design that sets correct user expectations, though the quality of the error message and whether it includes actionable guidance was not confirmed in the review.

Files requiring special attention

• rest_api_handler.py
• connection_args.py

[MinuraPunchihewa]

This looks good to me. The only comment I would make is that it might make sense to include support for the other auth mechanisms, like username/password and API key. However, I think this can be tackled later in a separate PR.