Token API 2.0

The Token API allows you to create, list, and revoke tokens that can be used to authenticate and access Databricks REST APIs.

Important

To access Databricks REST APIs, you must authenticate.

Create

Endpoint	HTTP Method
`2.0/token/create`	`POST`

Create and return a token. This call returns the error QUOTA_EXCEEDED if the current number of non-expired tokens exceeds the token quota. The token quota for a user is 600.

Example

Request

curl --netrc --request POST \
https://<databricks-instance>/api/2.0/token/create \
--data '{ "comment": "This is an example token", "lifetime_seconds": 7776000 }' \
| jq .

Replace:

<databricks-instance> with the Databricks workspace instance name, for example 1234567890123456.7.gcp.databricks.com.
This is an example token with a description to attach to the token.
7776000 with the lifetime of the token, in seconds. This example specifies 90 days.

This example uses a .netrc file and jq.

Response

{
  "token_value": "dapi1a2b3c45d67890e1f234567a8bc9012d",
  "token_info": {
    "token_id": "1234567890a12bc3456de789012f34ab56c78d9012e3fabc4de56f7a89b012c3",
    "creation_time": 1626286601651,
    "expiry_time": 1634062601651,
    "comment": "This is an example token"
  }
}

Request structure

Field Name	Type	Description
lifetime_seconds	`LONG`	The lifetime of the token, in seconds. If no lifetime is specified, the token remains valid indefinitely.
comment	`STRING`	Optional description to attach to the token.

Response structure

Field Name	Type	Description
token_value	`STRING`	The value of the newly-created token.
token_info	Public token info	The public metadata of the newly-created token.

List

Endpoint	HTTP Method
`2.0/token/list`	`GET`

List all the valid tokens for a user-workspace pair.

Example

Request

curl --netrc --request GET \
https://<databricks-instance>/api/2.0/token/list \
| jq .

Replace <databricks-instance> with the Databricks workspace instance name, for example 1234567890123456.7.gcp.databricks.com.

This example uses a .netrc file and jq.

Response

{
  "token_infos": [
    {
      "token_id": "1234567890a12bc3456de789012f34ab56c78d9012e3fabc4de56f7a89b012c3",
      "creation_time": 1626286601651,
      "expiry_time": 1634062601651,
      "comment": "This is an example token"
    },
    {
      "token_id": "2345678901a12bc3456de789012f34ab56c78d9012e3fabc4de56f7a89b012c4",
      "creation_time": 1626286906596,
      "expiry_time": 1634062906596,
      "comment": "This is another example token"
    }
  ]
}

Response structure

Field Name	Type	Description
token_infos	An array of Public token info	A list of token information for a user-workspace pair.

Revoke

Endpoint	HTTP Method
`2.0/token/delete`	`POST`

Revoke an access token. This call returns the error RESOURCE_DOES_NOT_EXIST if a token with the specified ID is not valid.

Example

curl --netrc --request POST \
https://<databricks-instance>/api/2.0/token/delete \
--data '{ "token_id": "<token-id>" }'

This example uses a .netrc file.

Replace:

<databricks-instance> with the Databricks workspace instance name, for example 1234567890123456.7.gcp.databricks.com.
<token-id> with the ID of the token, for example 1234567890a12bc3456de789012f34ab56c78d9012e3fabc4de56f7a89b012c3.

Request structure

Field Name	Type	Description
token_id	`STRING`	The ID of the token to be revoked.

Data structures

In this section:

Public token info

Public token info

A data structure that describes the public metadata of an access token.

Field Name	Type	Description
token_id	`STRING`	The ID of the token.
creation_time	`LONG`	Server time (in epoch milliseconds) when the token was created.
expiry_time	`LONG`	Server time (in epoch milliseconds) when the token will expire, or -1 if not applicable.
comment	`STRING`	Comment the token was created with, if applicable.