Token API 2.0

The Token API allows you to create, list, and revoke tokens that can be used to authenticate and access Databricks REST APIs.

Important

To access Databricks REST APIs, you must authenticate.

Create

Endpoint

HTTP Method

2.0/token/create

POST

Create and return a token. This call returns the error QUOTA_EXCEEDED if the current number of non-expired tokens exceeds the token quota. The token quota for a user is 600.

Example

Request 

curl --netrc --request POST \
https://<databricks-instance>/api/2.0/token/create \
--data '{ "comment": "This is an example token", "lifetime_seconds": 7776000 }' \
| jq .

Replace:

  • <databricks-instance> with the Databricks workspace instance name, for example 1234567890123456.7.gcp.databricks.com.

  • This is an example token with a description to attach to the token.

  • 7776000 with the lifetime of the token, in seconds. This example specifies 90 days.

This example uses a .netrc file and jq.

Response 

{
  "token_value": "dapi1a2b3c45d67890e1f234567a8bc9012d",
  "token_info": {
    "token_id": "1234567890a12bc3456de789012f34ab56c78d9012e3fabc4de56f7a89b012c3",
    "creation_time": 1626286601651,
    "expiry_time": 1634062601651,
    "comment": "This is an example token"
  }
}

Request structure

Field Name

Type

Description

lifetime_seconds

LONG

The lifetime of the token, in seconds. If no lifetime is specified, the token remains valid indefinitely.

comment

STRING

Optional description to attach to the token.

Response structure

Field Name

Type

Description

token_value

STRING

The value of the newly-created token.

token_info

Public token info

The public metadata of the newly-created token.

List

Endpoint

HTTP Method

2.0/token/list

GET

List all the valid tokens for a user-workspace pair.

Example

Request 

curl --netrc --request GET \
https://<databricks-instance>/api/2.0/token/list \
| jq .

Replace <databricks-instance> with the Databricks workspace instance name, for example 1234567890123456.7.gcp.databricks.com.

This example uses a .netrc file and jq.

Response 

{
  "token_infos": [
    {
      "token_id": "1234567890a12bc3456de789012f34ab56c78d9012e3fabc4de56f7a89b012c3",
      "creation_time": 1626286601651,
      "expiry_time": 1634062601651,
      "comment": "This is an example token"
    },
    {
      "token_id": "2345678901a12bc3456de789012f34ab56c78d9012e3fabc4de56f7a89b012c4",
      "creation_time": 1626286906596,
      "expiry_time": 1634062906596,
      "comment": "This is another example token"
    }
  ]
}

Response structure

Field Name

Type

Description

token_infos

An array of Public token info

A list of token information for a user-workspace pair.

Revoke

Endpoint

HTTP Method

2.0/token/delete

POST

Revoke an access token. This call returns the error RESOURCE_DOES_NOT_EXIST if a token with the specified ID is not valid.

Example 

curl --netrc --request POST \
https://<databricks-instance>/api/2.0/token/delete \
--data '{ "token_id": "<token-id>" }'

This example uses a .netrc file.

Replace:

  • <databricks-instance> with the Databricks workspace instance name, for example 1234567890123456.7.gcp.databricks.com.

  • <token-id> with the ID of the token, for example 1234567890a12bc3456de789012f34ab56c78d9012e3fabc4de56f7a89b012c3.

Request structure

Field Name

Type

Description

token_id

STRING

The ID of the token to be revoked.

Data structures

In this section:

Public token info

A data structure that describes the public metadata of an access token.

Field Name

Type

Description

token_id

STRING

The ID of the token.

creation_time

LONG

Server time (in epoch milliseconds) when the token was created.

expiry_time

LONG

Server time (in epoch milliseconds) when the token will expire, or -1 if not applicable.

comment

STRING

Comment the token was created with, if applicable.