Authentication

To authenticate and access Databricks REST APIs, you can use personal access tokens or passwords. We strongly recommend that you use tokens. Like passwords, tokens should be treated with care. Unlike passwords, tokens expire and can be revoked.

Requirements

Your administrator must enable personal access tokens for your organization’s Databricks account.

Generate a token

This section describes how to generate a personal access token in the Databricks UI. You can also generate and revoke tokens using the Token API.

  1. Click the user profile icon User Profile in the upper right corner of your Databricks workspace.

  2. Click User Settings.

  3. Go to the Access Tokens tab.

    List_Tokens

  4. Click the Generate New Token button.

  5. Optionally enter a description (comment) and expiration period.

    Generate_Token

  6. Click the Generate button.

  7. Copy the generated token and store in a secure location.

Revoke a token

This section describes how to revoke personal access tokens using the Databricks UI. You can also generate and revoke access tokens using the Token API.

  1. Click the user profile icon User Profile in the upper right corner of your Databricks workspace.
  2. Click User Settings.
  3. Go to the Access Tokens tab.
  4. Click x for the token you want to revoke.
  5. On the Revoke Token dialog, click the Revoke Token button.

Use tokens for API authentication

Store token in .netrc file and use in curl

Create a .netrc file with machine, login, and password properties:

machine <your-domain>
login token
password <personal-access-token-value>

Replace <your-domain> with the domain name of your Databricks deployment. For example, <your-account>.cloud.databricks.com.

Important

You can optionally set login to your Databricks username and password to your Databricks password. However, we recommend that you use a personal access token to authenticate to an API endpoint. If you choose to use a username and password, do not use -u to pass your credentials. In other words, do not use curl -u <your-username>:<your-password> -X GET https://<your-domain>/api/2.0/token/list.

Replace <personal-access-token-value> with the value of your personal access token.

To invoke the .netrc file, use -n in your curl command:

curl -n -X GET https://<your-domain>/api/2.0/token/list

Pass token to Bearer authentication

You can include the token in the header using Bearer authentication. You can use this approach with curl or any client that you build.

curl 'https://<your-domain>/api/2.0/token/list' -X GET -H "Authorization: Bearer <personal-access-token-value>"