Authentication

You can use personal access tokens to authenticate and access Azure Databricks REST APIs. Tokens are similar to passwords; you should treat them with care. Tokens expire and can be revoked.

Prerequisites

Your administrator must enable personal access tokens for your organization’s Azure Databricks account.

Generate a token

This section describes how to generate a personal access token in the Azure Databricks UI. You can also generate and revoke tokens using the Token API.

  1. Click the user profile icon User Profile in the upper right corner of your Azure Databricks workspace.

  2. Click User Settings.

  3. Go to the Access Tokens tab.

    List_Tokens

  4. Click the Generate New Token button.

  5. Optionally enter a description (comment) and expiration period.

    Generate_Token

  6. Click the Generate button.

Revoke a token

This section describes how to revoke personal access tokens using the Azure Databricks UI. You can also generate and revoke access tokens using the Token API.

  1. Click the user profile icon User Profile in the upper right corner of your Azure Databricks workspace.
  2. Click User Settings.
  3. Go to the Access Tokens tab.
  4. Click x for the token you want to revoke.
  5. On the Revoke Token dialog, click the Revoke Token button.

Use tokens for API authentication

This section shows how to:

  • Use a .netrc file to store a token and invoke the file in a command.
  • Use the token in an HTTP header using Bearer authentication.

Store token in .netrc file

Create a .netrc file with machine, login, and password properties:

machine <your-domain>
login <your-username>
password <personal-access-token-value>

Replace <your-domain> with the domain name of your Azure Databricks deployment. For example, <region>.azuredatabricks.net. Set login to the word token and password to the value of your personal access token.

To invoke the .netrc file, use -n in your curl commands.

curl -n -X GET https://<your-domain>/api/2.0/token/list

Pass token to Bearer authentication

Include the token in the header using Bearer authentication. You can use this approach with curl or any client that you build.

curl 'https://<your-domain>/api/2.0/token/list' -X GET -H "Authorization: Bearer <personal-access-token-value>"