To authenticate to and access Databricks REST APIs, you can use Databricks personal access tokens or passwords. We strongly recommend that you use tokens.
Tokens take the place of passwords in an authentication flow, and like passwords, they should always be treated with care. To protect tokens, Databricks recommends that you store tokens in:
Token-based authentication is enabled by default for all Databricks accounts launched after January 2018. If it is disabled, your administrator must enable it before you can perform the tasks described in this article. See Manage personal access tokens.
This section describes how to generate a personal access token in the Databricks UI. You can also generate and revoke tokens using the Token API.
The number of personal access tokens per user is limited to 600 per workspace.
Click the user profile icon in the upper right corner of your Databricks workspace.
Click User Settings.
Go to the Access Tokens tab.
Click the Generate New Token button.
Optionally enter a description (comment) and expiration period.
Click the Generate button.
Copy the generated token and store in a secure location.
This section describes how to revoke personal access tokens using the Databricks UI. You can also generate and revoke access tokens using the Token API.
- Click the user profile icon in the upper right corner of your Databricks workspace.
- Click User Settings.
- Go to the Access Tokens tab.
- Click x for the token you want to revoke.
- On the Revoke Token dialog, click the Revoke Token button.
You can store a personal access token in
.netrc and use in
curl or pass it to the
Authorization: Bearer header.
Create a .netrc file with
machine <databricks-instance> login token password <personal-access-token>
<databricks-instance>is the workspace URL of your Databricks deployment.
tokenis the literal string
<personal-access-token>is the value of your personal access token.
You can optionally set
login to your Databricks username and
password to your Databricks password. However, we recommend that you use a personal access token to authenticate to an API endpoint.
If you choose to use a username and password, do not use
-u to pass your credentials as follows:
curl -u <your-username>:<your-password> -X GET https://<databricks-instance>/api/2.0/clusters/list
To invoke the
.netrc file, use
-n in your
curl -n -X GET https://<databricks-instance>/api/2.0/clusters/list
You can include the token in the header using
Bearer authentication. You can use this approach with
curl or any client that you build. For the latter, see Upload a big file into DBFS.
curl -X GET -H 'Authorization: Bearer <personal-access-token>' https://<databricks-instance>/api/2.0/clusters/list