API authentication

Create a bearer token

πŸ€“ Who can do this? You will need to be an admin user to create a bearer token. However, you can share the token with anyone to give them programmatic access.

To create a bearer token:

  1. From the left menu of any screen, click Admin.
  2. Under Workspace, click API Tokens.
  3. In the upper right of the API Tokens table, click the Generate API Token button:
    1. For Name enter a name for your API token, for example the system or application that will use this token.
    2. (Optional) For Description enter a description for your API token, for example its intended use. You can also add or change the description later.
    3. (Optional) For Personas select any asset-level permissions you want to give to the token. You can also add these later.
    4. (Optional) If you would like the token to be temporary, for Expiry choose the time after which the token should automatically become invalid.
    5. At the bottom right, click the Save button.
🚨 Careful! Remember to copy or download the token now β€” this is your only opportunity to do so. (If you've already forgotten, just delete the API token and create a new one.)

Use the bearer token

You must authenticate all requests to Atlan's APIs. You can authenticate your requests by sending the following header:

Authorization: Bearer <token>

So, for example, if the API token you copied had the value eyJhbGciOi..., you would use the header:

Authorization: Bearer eyJhbGciOi...
🚨 Careful! Note that the value of the Authorization header is the combination of the word Bearer, a space, and then the token's value. The token copied from Atlan does not include this Bearer prefix.

Token permissions

By default, each API token will have the permissions of an admin user, without connection admin privileges. This means the token is able to:

  • Call administrative API endpoints. For example, to create users and groups.
  • Call governance API endpoints. For example, to create governance objects like tags, custom metadata, personas and purposes.
🚨 Careful! The API token will only be able to access connections (and assets within them) that the token itself created. Even connections with All Admins set as connection admins will not be accessible by the token, without a persona assigned to the token.

To provide access to any connections and assets, you need to add one or more personas to the token that have access to that connection's assets.

Once personas are assigned to the token, the token will be able to:

  • Create, read, update, delete, and search glossaries (and their content) that are accessible by those assigned personas.
  • Create, read, update, delete, and search any assets that are accessible by those personas.

Related articles

Was this article helpful?
1 out of 1 found this helpful