Authenticate with personal access tokens in Databricks SQL

To authenticate to and access Databricks REST APIs, you can use Databricks personal access tokens or passwords. We strongly recommend that you use tokens.

Generate a personal access token

See Databricks personal access tokens.

Use a personal access token to access the Databricks REST API

You can store a personal access token in .netrc and use in curl or pass it to the Authorization: Bearer header.

Store token in .netrc file and use in curl

Create a .netrc file with machine, login, and password properties:

machine <databricks-instance>
login token
password <personal-access-token>

where:

  • <databricks-instance> is the hostname part of the workspace URL of your Databricks deployment, after https:// and before the next /.

  • token is the literal string token

  • <personal-access-token> is the value of your personal access token.

Important

You can optionally set login to your Databricks username and password to your Databricks password. However, we recommend that you use a personal access token to authenticate to an API warehouse. If you choose to use a username and password, do not use -u to pass your credentials as follows:

curl -u <your-username>:<your-password> -X GET https://<databricks-instance>/api/2.0/sql/warehouses/

To invoke the .netrc file, use -n in your curl command:

curl -n -X GET https://<databricks-instance>/api/2.0/sql/warehouses/get?id=<warehouse-id>

For more information about using .netrc with cURL, see the cURL MAN page and the netrc page in the GNU netutils documentation.

Pass token to Bearer authentication

You can include the token in the header using Bearer authentication.

curl -X GET -H 'Authorization: Bearer <personal-access-token>' https://<databricks-instance>/api/2.0/sql/warehouses/