Authentication

You can use personal access tokens to authenticate and access Databricks REST APIs. Tokens are similar to passwords; you should treat them with care. Tokens expire and can be revoked.

Prerequisites

Your administrator must enable personal access tokens for your organization’s Databricks account.

Generate token

This section describes how to generate personal access tokens using the Access Tokens tab in your user settings. You can also generate and revoke access tokens using the Token API.

  1. Click the user profile icon in the upper right corner of your Databricks workspace.

  2. Click User Settings.

  3. Go to the Access Tokens tab.

  4. Click the Generate New Token button.

  5. Optionally enter a description (comment) and expiration period.

  6. Click the Generate button.

Revoke token

This section describes how to revoke personal access tokens using the Access Tokens tab in your user settings. You can also generate and revoke access tokens using the Token API.

  1. Click the user profile icon in the upper right corner of your Databricks workspace.
  2. Click User Settings.
  3. Go to the Access Tokens tab.
  4. Click X for the token you want to revoke.
  5. On the Revoke Token dialog, click the Revoke Token button.

Use tokens for API authentication

This section shows how to:

  • Use a .netrc file to store tokens and invoke the file in a command.
  • Use the token in an HTTP header using Bearer authentication.

.netrc

Save your token in a .netrc file, using your Databricks username or the word “token” as the login and the value of your token as the password.

machine YOUR_DOMAIN
login YOUR_USERNAME
password TOKEN_VALUE

Replace YOUR_DOMAIN with the domain name of your Databricks deployment. For example, <region>.azuredatabricks.net.

For YOUR_USERNAME, you can enter your Databricks username or the word token.

When you pass the token with your API requests, use -n in your curl commands to invoke the .netrc file.

curl -n -X GET https://YOUR_DOMAIN/api/2.0/token/list
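
Because the .netrc file holds the token in clear text, it should be readable only by its owner. The following is an added example, not part of the Databricks documentation: two shell functions that write the entry with owner-only permissions and verify the file before `curl -n` uses it. The function names and the DATABRICKS_TOKEN variable are assumptions chosen for this example.

```shell
#!/bin/sh
# Added example. netrc_store, netrc_check and DATABRICKS_TOKEN are names
# chosen here (assumptions), not part of the Databricks documentation.

# Write or replace the entry for one host. The token comes from the
# environment so it is not passed as a command-line argument.
netrc_store() {
    file=$1 host=$2
    [ -n "${DATABRICKS_TOKEN:-}" ] || { echo "DATABRICKS_TOKEN not set" >&2; return 1; }
    old_umask=$(umask)
    umask 077                                   # temp file is owner-only
    tmp=$(mktemp "${file}.XXXXXX") || { umask "$old_umask"; return 1; }
    # Keep entries for other machines; drop any existing entry for this host.
    if [ -f "$file" ]; then
        awk -v h="$host" '$1 == "machine" { skip = ($2 == h) } !skip' "$file" > "$tmp"
    fi
    printf 'machine %s\nlogin token\npassword %s\n' "$host" "$DATABRICKS_TOKEN" >> "$tmp"
    mv "$tmp" "$file"                           # replaces the old file and its mode
    umask "$old_umask"
}

# Succeed only if the file is a regular file (not a symlink), grants nothing
# to group or other, and has an entry for the host.
netrc_check() {
    file=$1 host=$2
    { [ -f "$file" ] && [ ! -L "$file" ]; } || { echo "not a regular file: $file" >&2; return 1; }
    mode=$(ls -ld "$file" | cut -c5-10)         # group and other permission bits
    [ "$mode" = "------" ] || { echo "group/other can access $file" >&2; return 1; }
    awk -v h="$host" '$1 == "machine" && $2 == h { f = 1 } END { exit !f }' "$file" ||
        { echo "no entry for $host in $file" >&2; return 1; }
}

# Usage, with DATABRICKS_TOKEN already set (for example via `read -r`):
#   netrc_store "$HOME/.netrc" YOUR_DOMAIN
#   netrc_check "$HOME/.netrc" YOUR_DOMAIN &&
#       curl -n -X GET https://YOUR_DOMAIN/api/2.0/token/list
```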

Bearer authentication

Include the token in the header using Bearer authentication. You can use this approach with curl or any client that you build.

curl 'https://YOUR_DOMAIN/api/2.0/token/list' \
-X GET \
-H "Authorization: Bearer <TOKEN_VALUE>"