You can generate credentials to authenticate application requests or test model
endpoints directly from the Model Endpoint Details page in the Cloudera AI console. Using
the Generate Key / Token menu, you can obtain Knox API keys or short-lived JWT tokens
without leaving the interface.
To generate API Keys, the backing Data Lake must be running
Cloudera Data Lake 7.3.1 or 7.3.2 or higher versions.
Table 1. Credential options for authentication
Credential type
Use case
Lifetime
Knox API Key
Production applications, long-term automation, and background services.
Long-lived
UMS JWT Token
Ad-hoc testing, debugging, and interactive command-line requests.
Short-lived
In the Cloudera console,
click the Cloudera AI tile.
The Cloudera AI Workbenches page is
displayed.
Click Model Endpoints in the Deployments
section on the left navigation menu.
The Model Endpoints landing page is displayed.
On the Model Endpoints landing page, select the specific
endpoint you want to access.
The Model Endpoint Details page is displayed.
In the page header, click the Generate Key / Token dropdown menu and select one of the following options:
Generate API Key: Select this for long-lived, programmatic access by
external applications or services.
Cloudera AI initiates a Knox SSO flow to generate the
key.
The key is automatically copied to your clipboard, and a success notification is
displayed.
Generate JWT Token: Select this for short-lived, temporary authentication,
such as manual testing using curl or a REST client.
Cloudera AI reuses the UMS JWT token from your current UI
session.
The token is copied to your clipboard, and a confirmation notification is
displayed.
Open Knox UI: Select this to manage Knox-level access policies or review
configuration settings for the backing Data Lake.
The Knox integration page opens in a new browser tab.
