search
Try Pentaho! - Start your 30 day evaluation today

Authentication

The Data Catalog API is protected using JWT bearer tokens. You must obtain a token from the Auth endpoint and include it in the Authorization header of your requests to call protected APIs.

hashtag
Auth endpoint

URL

POST /api/public/v1/auth

Description Generates a JWT bearer token when provided with valid credentials.

hashtag
Request

Headers

Header
Value

Content-Type

application/x-www-form-urlencoded

Accept

application/json

Body parameters

Field
Type
Required
Example value
Description

username

string

Yes

[email protected]

PDC login username.

password

string

Yes

password

PDC login password.

client_id

string

Yes

pdc-client

Client identifier for API authentication.

grant_type

string

Yes

password

Grant type used for authentication.

scope

string

Yes

openid profile email

Scope of the token request.

hashtag
Example request

curl -X POST "https://<your-domain>/api/public/v1/auth" \
  -H "accept: application/json" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "[email protected]&password=Welcome123!&client_id=pdc-client&grant_type=password&scope=openid%20profile%20email"

hashtag
Responses

hashtag
200 — OK

Returns a JWT bearer token.

Example response

hashtag
400 — Bad Request

Returned when required parameters are missing or invalid.

Example response

hashtag
401 — Unauthorized

Returned when credentials are incorrect or a bearer token is missing in a protected call.

Example response

hashtag
500 — Internal Server Error

Returned when the server fails to process the request.

Example response

hashtag
503 — Service Unavailable

Returned when the authentication service is unavailable or the connection is refused.

Example response

hashtag
Using the token

Include the token in the Authorization header for subsequent requests:

hashtag
Authorize in Swagger UI

Perform the following steps to authorize in Swagger UI:

  1. Open Swagger UI:

  2. Click the Authorize button.

  3. Paste your bearer token (without the Bearer prefix).

  4. Click Authorize.

Swagger UI will automatically include the token in all subsequent requests.

hashtag
Token behavior

When you authenticate through the Auth endpoint, PDC issues a JWT (JSON Web Token) that grants access to protected API endpoints. Understanding how these tokens behave will help you manage sessions and build reliable integrations.

  • Token type: The token is a JWT (JSON Web Token). It is a signed token that contains encoded claims about the authenticated user, such as identity and assigned roles. You must present this token in the Authorization header when calling secured endpoints.

  • Lifetime: Tokens are short-lived to reduce security risks. The exact validity period (for example, 15 minutes, 1 hour, or longer) depends on how your PDC instance is configured by the administrator. After the token expires, all API calls will return 401 Unauthorized until you obtain a new token.

  • Refresh: PDC does not issue refresh tokens. This means that once your access token expires, you must re-authenticate using your username and password to generate a new token. Automations or scripts should include logic to handle re-authentication.

  • Scopes and roles: The level of access provided by the token depends on the role assigned to the user in PDC. Roles such as Administrator, Data Steward, or Analyst determine what actions you can perform with the API. For example, an Analyst may be able to search and retrieve data assets, while an Administrator can also manage data sources and jobs.

PreviousGet started with PDC APINextErrors

Last updated

Was this helpful?