Users can use personal access tokens or passwords to authenticate and access Databricks REST APIs. Tokens are similar to passwords; you should treat them with care. Tokens have expirations and can be revoked, unlike passwords.

Listed below are the example cURL commands that demonstrate REST API authentication.

  • Personal access token:
    1. Generate your token from the Token Management page.
    2. Save your token in .netrc and specify your commands with -n. Use token as the login and your token as the password. Alternatively (not recommended), place your token in a header with -H "Authorization: Bearer TOKEN_VALUE".
  • Username and password:
    • Recommended: place your credentials in .netrc and specify your commands with -n.
    • Not recommended: use environmental variables to set your credentials and pass them into -u.
curl -n -H "Content-Type: application/json" \
    -X POST \
    -d '{
      "cluster_name": "flights",
      "spark_version": "3.3.x-scala2.11",
      "node_type_id": "r3.xlarge",
      "spark_conf": {
        "spark.speculation": true
      "aws_attributes": {
        "availability": "SPOT",
        "zone_id": "us-west-2c"
      "num_workers": 2
    }' \

Replace YOUR_DOMAIN with the <ACCOUNT> domain name of your Databricks deployment.

Token Management

Databricks Admins can enable REST API Tokens, so users can use tokens instead of username/passwords for REST API Authentication. These tokens have expiration and can be revoked. Personal access tokens are disabled by default.

Users can generate and revoke their personal access tokens from “Access Tokens” tab in “User Settings” as shown below.


You can create a token with an optional comment and expiration time.


You will then receive the token value, which can be used for authentication.


You can also revoke tokens.