Getting a Cloudera Data Engineering API access token

Cloudera Data Engineering uses JSON Web Tokens (JWT) for API authentication. To interact with a virtual cluster using the API, you must obtain an access token for that cluster.

Determine the authentication endpoint for your virtual cluster:

Navigate to the Cloudera Data Engineering Overview page by clicking the Data Engineering tile in the Cloudera management console.
In the Cloudera Data Engineering Services column, select the environment containing the virtual cluster you want to interact with.
In the Virtual Clusters column on the right, click the Cluster Details icon on the virtual cluster you want to interact with.
Click the link under GRAFANA CHARTS. The hostname of the URL in your browser is the base URL, and /gateway/authtkn/knoxtoken/api/v1/token is the endpoint. For example:
```
https://service.cde-czlmkz4y.na-01.xvp2-7p8o.cloudera.site/gateway/authtkn/knoxtoken/api/v1/token
```

From the client you want to use to access the API, run curl -u <workload_user> <auth_endpoint>. Enter your workload password when prompted.
For example:
```
curl -u csso_psherman https://service.cde-czlmkz4y.na-01.xvp2-7p8o.cloudera.site/gateway/authtkn/knoxtoken/api/v1/token
```
The user account is your Cloudera workload user.
In the output, the access_token value is the JWT. For convenience, copy it and set it as an environment variable:
```
export CDE_TOKEN=<access_token>
```
Alternatively, you can set the token in a single step using jq to extract the token:
```
export CDE_TOKEN=$(curl -s -u <workload_user> <auth_endpoint> | jq -r '.access_token')
```

See Using an access token in Cloudera API calls for instructions on using the token in API calls.