Getting a Cloudera Data Engineering API access token
Cloudera Data Engineering uses JSON Web Tokens (JWT) for API
authentication. To interact with a virtual cluster using the API, you must
obtain an access token for that cluster.
Before you begin
Determine the authentication endpoint for your virtual cluster:
In the Cloudera console, click the Data
Engineering tile. The Home page displays.
In the Virtual Clusters section, navigate to the virtual cluster
for which you want.
Click View Cluster Details for the virtual cluster.
The
Administration/Virtual Cluster page is
displayed.
Click GRAFANA CHARTS. The hostname of the URL in your browser is
the base URL, and
/gateway/<***authtkn-OR-cdptkn***>/knoxtoken/api/v1/token
is the endpoint.
From the client you want to use to access the API, run curl -u
<workload_user> <auth_endpoint>. Enter your workload password when
prompted.For
example:
Generate DE workload auth token using Cloudera IAM
API.
The IAM API endpoint <CDP_ENDPOINT>/api/v1/iam/generateWorkloadAuthToken is
called to generate a Cloudera Access Token. A Cloudera API call requires a request signature to be
passed in the "x-altus-auth" header, along with a corresponding timestamp in the
"x-altus-date" header. The cdpcurl library constructs the headers automatically.
However, if you would rather use a different HTTP client, such as ordinary curl, you
can use the cdpv1sign script within cdpcurl to generate these required headers.
The request body contains workload-name as DE and is authenticated using the
Cloudera Access Key. This request must also be
signed as per the specification is available here either manually or use the cdpv1sign
library to generate these necessary headers through automation
script.
