Users can use personal access tokens or passwords to authenticate and access Databricks REST APIs. Tokens are similar to passwords; you should treat them with care. Tokens have expirations and can be revoked, unlike passwords.

Listed below are the example cURL commands that demonstrate REST API authentication.

Personal access token:

  1. Generate your token from the Token Management page.
  1. Save your token in .netrc. Use your Databricks username or the word “token” as the login and the value of your token as the password.

    machine YOUR_DOMAIN
    password TOKEN_VALUE

    Replace YOUR_DOMAIN with the <ACCOUNT> domain name of your Databricks deployment. For YOUR_USERNAME, you can enter your Databricks username or the word token.

  1. Specify your curl commands with -n

    curl -n -X GET https://YOUR_DOMAIN/api/2.0/token/list

    Alternatively, you can place your token in a header with basic authentication :

    -H "Authorization: Basic ENCODED_TOKEN_VALUE" where ENCODED_TOKEN_VALUE is the base64 encoding of the string “YOUR_USERNAME:TOKEN_VALUE”.

    echo -n "YOUR_USERNAME:TOKEN_VALUE" | base64
    curl -H "Authorization: Basic ENCODED_TOKEN_VALUE" -X GET https://YOUR_DOMAIN/api/2.0/token/list

Username and password:

  • Recommended: place your credentials in .netrc and specify your commands with -n.

    curl -n -X GET https://YOUR_DOMAIN/api/2.0/token/list
  • Not recommended: use environmental variables to set your credentials and pass them into -u.

    curl -u YOUR_USERNAME:YOUR_PASSWORD -X GET https://YOUR_DOMAIN/api/2.0/token/list

Token Management

Databricks Admins can enable REST API Tokens, so users can use tokens instead of username/passwords for REST API Authentication. These tokens have expiration and can be revoked. Personal access tokens are disabled by default.

To generate and revoke personal access tokens:

  1. Click the user profile icon in the upper right corner of your Databricks workspace.
  2. Click User Settings.
  3. Go to the Access Tokens tab.
  4. Click the Generate Token button.


You can create a token with an optional comment and expiration time.


You will then receive the token value, which can be used for authentication.


You can also revoke tokens.