Area: API
Sub-Area: Authentication
Issue
Personal Access Token (PAT) creation fails, tokens do not work as expected, or there is confusion about token scope and permissions. This affects API authentication and programmatic access to DataHub.
Solution
Note: For DataHub Cloud customers, infrastructure-level changes (Kubernetes, AWS resources, operating system configurations) are managed by DataHub Support. The solutions below focus on configuration changes that customers can implement.
Verify token creation permissions:
- Only users with "Generate Personal Access Tokens" privilege can create tokens
- Check Settings → Access Tokens to see if the option is available
- Admin users may need to grant this privilege via Policies
Create Personal Access Token:
- Navigate to Settings → Access Tokens
- Click "Create new token"
- Choose appropriate duration (note: ONE_WEEK duration may have issues in some versions)
- Recommended: Use 1MONTH or 3MONTHS duration for stability
Use token in API calls:
curl -X POST 'https://your-datahub.acryl.io/api/graphql' \
-H 'Authorization: Bearer YOUR_TOKEN_HERE' \
-H 'Content-Type: application/json' \
-d '{"query": "{ ... }"}'
- Troubleshoot token issues:
- Tokens are user-scoped, not organization-scoped
- Regenerate token if it stops working unexpectedly
- Check token expiration date
- Ensure correct Authorization header format with "Bearer" prefix
Additional Notes
Always backup your DataHub configuration before making changes. Test solutions in a non-production environment when possible.
Related Documentation
Related Tickets
- 5668, 5814, 5809, 5715, 5690, 4755
Tags:
api, authentication, token, troubleshooting