Authentication using Databricks personal access tokens in Databricks SQL


This feature is in Public Preview.

To authenticate to and access Databricks REST APIs, you can use Databricks personal access tokens or passwords. We strongly recommend that you use tokens.

Generate a personal access token

See Personal access tokens.

Use a personal access token to access the Databricks REST API

You can store a personal access token in .netrc and use in curl or pass it to the Authorization: Bearer header.

Store token in .netrc file and use in curl

Create a .netrc file with machine, login, and password properties:

machine <databricks-instance>
login token
password <personal-access-token>


  • <databricks-instance> is the workspace URL of your Databricks deployment.
  • token is the literal string token
  • <personal-access-token> is the value of your personal access token.


You can optionally set login to your Databricks username and password to your Databricks password. However, we recommend that you use a personal access token to authenticate to an API endpoint. If you choose to use a username and password, do not use -u to pass your credentials as follows:

curl -u <your-username>:<your-password> -X GET https://<databricks-instance>/api/2.0/sql/endpoints/

To invoke the .netrc file, use -n in your curl command:

curl -n -X GET https://<databricks-instance>/api/2.0/sql/endpoints/get?id=<endpoint-id>

Pass token to Bearer authentication

You can include the token in the header using Bearer authentication.

curl -X GET -H 'Authorization: Bearer <personal-access-token>' https://<databricks-instance>/api/2.0/sql/endpoints/