Create a bearer token
🤓 Who can do this? You will need to be an admin user to create a bearer token. However, you can share the token with anyone to give them programmatic access.
To create a bearer token:
- From the left menu of any screen, click Admin.
- Under Workspace, click API tokens.
- In the upper right of the API tokens table, click the Generate API token button and enter the following details:
- For Name, enter a name for your API token — for example, the system or application that will use this token.
- (Optional) For Description, enter a description for your API token — for example, its intended use. You can also add or change the description later.
- (Optional) For Personas, select any asset-level permissions you want to give to the token. You can also add these later.
- (Optional) For Collections, select any query collections you want to provide access to the token. You can also add these later.
- (Optional) If you would like the token to be temporary, for Expiry, choose the time after which the token should automatically become invalid.
- At the bottom right, click the Save button.
- (Optional) If and when you no longer need your API token, on an active token's row, click the trash icon to delete your API token and then click the Delete button to confirm deletion.
🚨 Careful! Remember to copy or download the token now — this is your only opportunity to do so. (If you've already forgotten, just delete the API token and create a new one.)
Use the bearer token
You must authenticate all requests to Atlan's APIs. You can authenticate your requests by sending the following header:
Authorization: Bearer <token>So, for example, if the API token you copied had the value eyJhbGciOi..., you would use the header:
Authorization: Bearer eyJhbGciOi...🚨 Careful! Note that the value of the
Authorization header is the combination of the word Bearer, a space, and then the token's value. The token copied from Atlan does not include this Bearer prefix.Token permissions
By default, each API token will have the permissions of an admin user, without connection admin privileges. This means the token is able to:
- Call administrative API endpoints. For example, to create users and groups.
- Call governance API endpoints. For example, to create governance objects like tags, custom metadata, personas and purposes.
🚨 Careful! The API token will only be able to access connections (and assets within them) that the token itself created. Even connections with All Admins set as connection admins will not be accessible by the token, without a persona assigned to the token.
To provide access to any connections and assets, you need to add one or more personas to the token that have access to that connection's assets.
Once personas are assigned to the token, the token will be able to:
- Create, read, update, delete, and search glossaries (and their content) that are accessible by those assigned personas.
- Create, read, update, delete, and search any assets that are accessible by those personas.