Where do I find the api key for curl call to dataiku api?

Jiec168
Level 2
Where do I find the api key for curl call to dataiku api?

I am reading the article at https://doc.dataiku.com/dss/api/9.0/rest/#api-services-api-services-get and try to get info via a dataiku instance api by command line curl call. I got the id and secret from the instance UI page /admin/security/apikeys/. But it keeps complaining unknown api key. What did I do it wrong? Thanks.

 

 

 

 

Operating system used: Linux


Operating system used: Linux

0 Kudos
7 Replies
AgatheG
Dataiker

Hi @Jiec168,

 

To perform a GET curl call, you should follow this syntax:

curl --user YOUR_API_KEY_SECRET: -H "Content-Type: application/json" -X GET YOUR_URL

 

Also please note it is not advised to share an API key secret, you should probably delete this API key and create another for your instance ๐Ÿ˜Š

 

Hope that helps!

 

Agathe

0 Kudos
CoreyS
Dataiker Alumni

Hi @Jiec168 for security reasons we removed the API key from your original post. As Agathe instructed, however, we strongly advise that you create another API key for your instance.

Looking for more resources to help you use Dataiku effectively and upskill your knowledge? Check out these great resources: Dataiku Academy | Documentation | Knowledge Base

A reply answered your question? Mark as โ€˜Accepted Solutionโ€™ to help others like you!
0 Kudos
Turribeach

While the two answers above are helpful and right in that you should not disclose your API keys they haven't actually answered your question. The API keys under /admin/security/apikeys/ are to control the Dataiku instance, not the API endpoint you developed. You can create keys for each of your API endpoints by going to the project where you developed the API, then select API Designer from the three dots at the top, then select your API service and then go to the Security tab and create new keys. Don't forget to re-deploy the API service to the API node if you make changes to the API keys.

Jiec168
Level 2
Author

Thank you for the reply.

So the api access is only for each specific project? What about general admin access or for all projects access via the api? We are trying to develop a provisioning/decommissioning automation triggered from Jenkins to be able to create/remove a given project via its api. Is that possible? I do see from /admin/security/audit-buffer/ that the key I was trying to use but said not recognized are being used to trigger different project trainings. That is why I thought I could use the same key for my purpose.

Thank you all for your security concerns. I felt so frustrated that I couldn't use the api key for access while seeing it was being used based on the audit log. The host is actually behind firewall on a subnet. It is only accessible via VPN. But yes and yes, exposing the key publicly is definitely a very bad practice. I will be very cautious about it in future. Thank you all again.

0 Kudos
HarizoR
Developer Advocate

Hi,

In order to create and delete projects, you can use an API key with admin privileges. More precisely, you can create a personal API key for a Dataiku user that has admin permissions on the instance. Don't hesitate to read https://doc.dataiku.com/dss/latest/publicapi/keys.html for more details.

 

Best,

Harizo

0 Kudos
Jiec168
Level 2
Author

Hi @HarizoR ,

I did create a key pair with Global Admin permissions and apiAccess as Label under Global API Keys in UI /admin/security/apikeys/. But when I use the id and secret in the following like curl call, it keeps saying "Unknown API Key" in the returned error message. How do I create personal api key in /admin/security/personalapikeys/? The page is blank without any create button there. Thanks.

 

 

curl --user {Id}:{Secret} -H "Content-Type: application/json" -X GET http://dataiku_instance:12000/public/api/projects/

 

 

 

0 Kudos
HarizoR
Developer Advocate

Hi,

 

As stated in our documentation, Dataiku relies on HTTP basic authentication: in order to use the API key properly in your request, the "Id" field must be filled by the API key itself and the "secret" field must be left blank.

If you are not familiar with HTTP and curl I recommend that you use our Python client instead.

 

Best,

Harizo

0 Kudos