Token API 2.0

The Token API allows you to create, list, and revoke tokens that can be used to authenticate and access Databricks REST APIs.

Important

To access Databricks REST APIs, you must authenticate.

Create

Endpoint HTTP Method
2.0/token/create POST

Create and return a token. This call returns the error QUOTA_EXCEEDED if the current number of non-expired tokens exceeds the token quota. The token quota for a user is 600.

Example

Request

curl --netrc --request POST \
https://<databricks-instance>/api/2.0/token/create \
--data '{ "comment": "This is an example token", "lifetime_seconds": 7776000 }' \
| jq .

Replace:

  • <databricks-instance> with the Databricks workspace instance name, for example 1234567890123456.7.gcp.databricks.com.
  • This is an example token with a description to attach to the token.
  • 7776000 with the lifetime of the token, in seconds. This example specifies 90 days.

This example uses a .netrc file and jq.

Response

{
  "token_value": "dapi1a2b3c45d67890e1f234567a8bc9012d",
  "token_info": {
    "token_id": "1234567890a12bc3456de789012f34ab56c78d9012e3fabc4de56f7a89b012c3",
    "creation_time": 1626286601651,
    "expiry_time": 1634062601651,
    "comment": "This is an example token"
  }
}

Request structure

Field Name Type Description
lifetime_seconds LONG The lifetime of the token, in seconds. If no lifetime is specified, the token remains valid indefinitely.
comment STRING Optional description to attach to the token.

Response structure

Field Name Type Description
token_value STRING The value of the newly-created token.
token_info Public token info The public metadata of the newly-created token.

List

Endpoint HTTP Method
2.0/token/list GET

List all the valid tokens for a user-workspace pair.

Example

Request

curl --netrc --request GET \
https://<databricks-instance>/api/2.0/token/list \
| jq .

Replace <databricks-instance> with the Databricks workspace instance name, for example 1234567890123456.7.gcp.databricks.com.

This example uses a .netrc file and jq.

Response

{
  "token_infos": [
    {
      "token_id": "1234567890a12bc3456de789012f34ab56c78d9012e3fabc4de56f7a89b012c3",
      "creation_time": 1626286601651,
      "expiry_time": 1634062601651,
      "comment": "This is an example token"
    },
    {
      "token_id": "2345678901a12bc3456de789012f34ab56c78d9012e3fabc4de56f7a89b012c4",
      "creation_time": 1626286906596,
      "expiry_time": 1634062906596,
      "comment": "This is another example token"
    }
  ]
}

Response structure

Field Name Type Description
token_infos An array of Public token info A list of token information for a user-workspace pair.

Revoke

Endpoint HTTP Method
2.0/token/delete POST

Revoke an access token. This call returns the error RESOURCE_DOES_NOT_EXIST if a token with the specified ID is not valid.

Example

curl --netrc --request POST \
https://<databricks-instance>/api/2.0/token/delete \
--data '{ "token_id": "<token-id>" }'

This example uses a .netrc file.

Replace:

  • <databricks-instance> with the Databricks workspace instance name, for example 1234567890123456.7.gcp.databricks.com.
  • <token-id> with the ID of the token, for example 1234567890a12bc3456de789012f34ab56c78d9012e3fabc4de56f7a89b012c3.

Request structure

Field Name Type Description
token_id STRING The ID of the token to be revoked.

Data structures

In this section:

Public token info

A data structure that describes the public metadata of an access token.

Field Name Type Description
token_id STRING The ID of the token.
creation_time LONG Server time (in epoch milliseconds) when the token was created.
expiry_time LONG Server time (in epoch milliseconds) when the token will expire, or -1 if not applicable.
comment STRING Comment the token was created with, if applicable.