Users can use either personal access tokens or passwords to authenticate and access Databricks REST APIs. Tokens are similar to passwords and it is recommended to treat them with care. These tokens have expirations and can be revoked unlike passwords.

Listed below are the example cURL commands that demonstrate REST API authentication.

  • Personal access token:
    1. Generate your token from the Token Management page.
    2. Place your token in the header as -H "Authorization: Bearer TOKEN_VALUE".
  • Username and password:
    • Recommended: place your credentials in .netrc and specify your commands with -n.
    • Not recommended: use environmental variables to set your credentials and pass them into -u.
  curl -n -H "Content-Type: application/json" \
  -X POST \
  -d '{
  "cluster_name": "flights",
  "spark_version": "2.0.x-scala2.10",
  "node_type_id": "r3.xlarge",
  "spark_conf": {
    "spark.speculation": true
"aws_attributes": {
  "availability": "SPOT",
  "zone_id": "us-west-2c"
"num_workers": 2
}' \

Token Management

Databricks Admins can enable REST API Tokens, so users can use tokens instead of username/passwords for REST API Authentication. These tokens have expiration and can be revoked. Personal access tokens are disabled by default.

Users can generate and revoke their personal access tokens from “Access Tokens” tab in “User Settings” as shown below.


You can create a token with an optional comment and expiration time.


You will then receive the token value, which can be used for authentication.


You can also revoke tokens.