Getting a Cloudera Data Engineering API access token
Cloudera Data Engineering uses JSON Web Tokens (JWT) for API authentication. To interact with a virtual cluster using the API, you must obtain an access token for that cluster.
Before you begin
Determine the authentication endpoint for your virtual cluster:
- Navigate to the Cloudera Data Engineering Overview page by clicking the Data Engineering tile in the Cloudera Data Platform (CDP) management console.
- In the Services column, select the environment containing the virtual cluster you want to interact with.
- In the Virtual Clusters column on the right, click the Cluster Details icon on the virtual cluster you want to interact with.
- Click the link under GRAFANA CHARTS. The hostname of the URL in
your browser is the base URL, and
/gateway/<***authtkn-OR-cdptkn***>/knoxtoken/api/v1/tokenis the endpoint.- Example: LDAP Authentication URL
https://service.cde-czlmkz4y.na-01.xvp2-7p8o.cloudera.site/gateway/authtkn/knoxtoken/api/v1/token
- Example: Access Key Authentication URL
https://service.cde-czlmkz4y.na-01.xvp2-7p8o.cloudera.site/gateway/cdptkn/knoxtoken/api/v1/token
- Example: LDAP Authentication URL
- From the client you want to use to access the API, run
curl -u <workload_user> <auth_endpoint>. Enter your workload password when prompted.For example:curl -u csso_psherman https://service.cde-czlmkz4y.na-01.xvp2-7p8o.cloudera.site/gateway/authtkn/knoxtoken/api/v1/tokenThe user account is your CDP workload user . - In the output, the
access_tokenvalue is the JWT. For convenience, copy it and set it as an environment variable:export CDE_TOKEN=<access_token>Alternatively, you can set the token in a single step usingjqto extract the token:export CDE_TOKEN=$(curl -s -u <workload_user> <auth_endpoint> | jq -r '.access_token')
See Using an access token in Cloudera Data Engineering API calls for instructions on using the token in API calls.
