Where do I find the api key for curl call to dataiku api?

Jiec168
Jiec168 Registered Posts: 3

I am reading the article at https://doc.dataiku.com/dss/api/9.0/rest/#api-services-api-services-get and try to get info via a dataiku instance api by command line curl call. I got the id and secret from the instance UI page /admin/security/apikeys/. But it keeps complaining unknown api key. What did I do it wrong? Thanks.


Operating system used: Linux


Operating system used: Linux

Answers

  • AgatheG
    AgatheG Dataiker, Registered Posts: 37 Dataiker
    edited July 17

    Hi @Jiec168,

    To perform a GET curl call, you should follow this syntax:

    curl --user YOUR_API_KEY_SECRET: -H "Content-Type: application/json" -X GET YOUR_URL

    Also please note it is not advised to share an API key secret, you should probably delete this API key and create another for your instance

    Hope that helps!

    Agathe

  • CoreyS
    CoreyS Dataiker Alumni, Dataiku DSS Core Designer, Dataiku DSS Core Concepts, Registered Posts: 1,150 ✭✭✭✭✭✭✭✭✭

    Hi @Jiec168
    for security reasons we removed the API key from your original post. As Agathe instructed, however, we strongly advise that you create another API key for your instance.

  • Turribeach
    Turribeach Dataiku DSS Core Designer, Neuron, Dataiku DSS Adv Designer, Registered, Neuron 2023 Posts: 2,166 Neuron

    While the two answers above are helpful and right in that you should not disclose your API keys they haven't actually answered your question. The API keys under /admin/security/apikeys/ are to control the Dataiku instance, not the API endpoint you developed. You can create keys for each of your API endpoints by going to the project where you developed the API, then select API Designer from the three dots at the top, then select your API service and then go to the Security tab and create new keys. Don't forget to re-deploy the API service to the API node if you make changes to the API keys.

  • Jiec168
    Jiec168 Registered Posts: 3

    Thank you for the reply.

    So the api access is only for each specific project? What about general admin access or for all projects access via the api? We are trying to develop a provisioning/decommissioning automation triggered from Jenkins to be able to create/remove a given project via its api. Is that possible? I do see from /admin/security/audit-buffer/ that the key I was trying to use but said not recognized are being used to trigger different project trainings. That is why I thought I could use the same key for my purpose.

    Thank you all for your security concerns. I felt so frustrated that I couldn't use the api key for access while seeing it was being used based on the audit log. The host is actually behind firewall on a subnet. It is only accessible via VPN. But yes and yes, exposing the key publicly is definitely a very bad practice. I will be very cautious about it in future. Thank you all again.

  • HarizoR
    HarizoR Dataiker, Alpha Tester, Registered Posts: 138 Dataiker

    Hi,

    In order to create and delete projects, you can use an API key with admin privileges. More precisely, you can create a personal API key for a Dataiku user that has admin permissions on the instance. Don't hesitate to read https://doc.dataiku.com/dss/latest/publicapi/keys.html for more details.

    Best,

    Harizo

  • Jiec168
    Jiec168 Registered Posts: 3
    edited July 17

    Hi @HarizoR
    ,

    I did create a key pair with Global Admin permissions and apiAccess as Label under Global API Keys in UI /admin/security/apikeys/. But when I use the id and secret in the following like curl call, it keeps saying "Unknown API Key" in the returned error message. How do I create personal api key in /admin/security/personalapikeys/? The page is blank without any create button there. Thanks.

    curl --user {Id}:{Secret} -H "Content-Type: application/json" -X GET http://dataiku_instance:12000/public/api/projects/

  • HarizoR
    HarizoR Dataiker, Alpha Tester, Registered Posts: 138 Dataiker

    Hi,

    As stated in our documentation, Dataiku relies on HTTP basic authentication: in order to use the API key properly in your request, the "Id" field must be filled by the API key itself and the "secret" field must be left blank.

    If you are not familiar with HTTP and curl I recommend that you use our Python client instead.

    Best,

    Harizo

Setup Info
    Tags
      Help me…