You can generate credentials to authenticate application requests or test model
endpoints directly from the Model Endpoint Details page in the Cloudera AI console. Using
the Generate Key / Token menu, you can obtain Knox API keys or short-lived JWT tokens
without leaving the interface.
To generate API Keys, the backing Data Lake must be running Cloudera Data Lake 7.3.1 or 7.3.2 or later.
Table 1. Credential Types and Use Cases
Credential Type
Use Case
Lifetime
Knox API Key
Production applications, long-term automation, and background services.
Long-lived
UMS JWT Token
Ad-hoc testing, debugging, and interactive command-line requests.
Short-lived
In the Cloudera console,
click the Cloudera AI tile.
The Cloudera AI Workbenches page
displays.
Click Model Endpoints under Deployments
on the left navigation menu.
The Model Endpoints landing page is displayed.
From the Model Endpoints landing page, select the specific
endpoint you want to access.
The Model Endpoint Details page displays.
In the page header, click the Generate Key / Token dropdown menu and select one of the following options:
Generate API Key: Select this for long-lived, programmatic access by
external applications or services.
Cloudera AI initiates a Knox SSO flow to generate the
key.
The key is automatically copied to your clipboard, and a success notification
appears.
Generate JWT Token: Select this for short-lived, temporary authentication,
such as manual testing via curl or a REST client.
Cloudera AI reuses the UMS JWT token from your current UI
session.
The token is copied to your clipboard, and a confirmation notification
appears.
Open Knox UI: Select this to manage Knox-level access policies or review
configuration settings for the backing Data Lake.
The Knox integration page opens in a new browser tab.
