Authentication

Users can use personal access tokens or passwords to authenticate and access Databricks REST APIs. Tokens are similar to passwords; you should treat them with care. Tokens have expirations and can be revoked, unlike passwords.

Listed below are the example cURL commands that demonstrate REST API authentication.

Personal access token:

  1. Generate your token from the Token Management page.
  1. Save your token in .netrc. Use your Databricks username or the word “token” as the login and the value of your token as the password.

    machine YOUR_DOMAIN
    login YOUR_USERNAME
    password TOKEN_VALUE
    

    Replace YOUR_DOMAIN with the <ACCOUNT>.cloud.databricks.com domain name of your Databricks deployment. For YOUR_USERNAME, you can enter your Databricks username or the word token.

  1. Specify your curl commands with -n

    curl -n -X GET https://YOUR_DOMAIN/api/2.0/token/list
    

    Alternatively, you can place your token in a header with basic authentication :

    -H "Authorization: Basic ENCODED_TOKEN_VALUE" where ENCODED_TOKEN_VALUE is the base64 encoding of the string “YOUR_USERNAME:TOKEN_VALUE”.

    echo -n "YOUR_USERNAME:TOKEN_VALUE" | base64
    > ENCODED_TOKEN_VALUE
    curl -H "Authorization: Basic ENCODED_TOKEN_VALUE" -X GET https://YOUR_DOMAIN/api/2.0/token/list
    

Username and password:

  • Recommended: place your credentials in .netrc and specify your commands with -n.

    curl -n -X GET https://YOUR_DOMAIN/api/2.0/token/list
    
  • Not recommended: use environmental variables to set your credentials and pass them into -u.

    curl -u YOUR_USERNAME:YOUR_PASSWORD -X GET https://YOUR_DOMAIN/api/2.0/token/list
    

Token Management

Databricks Admins can enable REST API Tokens, so users can use tokens instead of username/passwords for REST API Authentication. These tokens have expiration and can be revoked. Personal access tokens are disabled by default.

To generate and revoke personal access tokens:

  1. Click the user profile icon in the upper right corner of your Databricks workspace.
  2. Click User Settings.
  3. Go to the Access Tokens tab.
  4. Click the Generate Token button.

List_Tokens

You can create a token with an optional comment and expiration time.

Generate_Token

You will then receive the token value, which can be used for authentication.

Token_Value

You can also revoke tokens.

Revoke_Token