Getting a Cloudera Data Engineering API access token
Cloudera Data Engineering uses JSON Web Tokens (JWT) for API
authentication. To interact with a virtual cluster using the API, you must
obtain an access token for that cluster.
Before you begin
Determine the authentication endpoint for your virtual cluster:
In the Cloudera Data Platform (CDP) console, click the Data
Engineering tile. The Home page displays.
In the Virtual Clusters section, navigate to the virtual cluster
for which you want.
Click View Cluster Details for the virtual cluster.
The
Administration/Virtual Cluster page is
displayed.
Click GRAFANA CHARTS. The hostname of the URL in your browser is
the base URL, and
/gateway/<***authtkn-OR-cdptkn***>/knoxtoken/api/v1/token
is the endpoint.
From the client you want to use to access the API, run curl -u
<workload_user> <auth_endpoint>. Enter your workload password when
prompted.For
example:
Generate DE workload auth token using CDP IAM API.
The IAM API endpoint
<CDP_ENDPOINT>/api/v1/iam/generateWorkloadAuthToken is called to generate a CDP
Access Token. A CDP API call requires a request signature to be passed in the
"x-altus-auth" header, along with a corresponding timestamp in the "x-altus-date"
header. The cdpcurl library constructs the headers automatically. However, if you
would rather use a different HTTP client, such as ordinary curl, you can use the
cdpv1sign script within cdpcurl to generate these required headers.
The request
body contains workload-name as DE and is authenticated using the CDP Access Key. This
request must also be signed as per the specification is available here either manually
or use the cdpv1sign library to generate these necessary headers through automation
script.
