API tokens
API tokens provide long-lived, backwards-compatible authentication for programmatic access to Atlan APIs. By default, a token has admin-level API privileges (excluding connection admin) and can call administrative and governance endpoints. Asset access is separate and is granted via personas assigned to the token.
Prerequisites
-
Admin access to create tokens.
-
Personas planned for the token if it must read or modify specific connections/assets.
- Without personas, a token can only access connections (and their assets) that the token itself created. With personas, the token can create/read/update/delete/search glossaries and other assets permitted by those personas.
-
Tenant base URL (for example,
https://<your-tenant>.atlan.com) to construct API requests.
Create API token
-
Open your tenant, and from the left menu click Admin.
-
Under Workspace, click API access.
-
In the upper-right, click Generate new and select Generate API token.
-
In the modal, enter a Name. For example:
dbt-cloud-sync -
Enter a Description to note the intended use.
Service account for dbt Cloud → Atlan sync -
Set an Expiry if you want the token to auto invalidate after a period.
-
Select Personas to grant access to specific connections and assets.
-
Click Save. This generates the API token.
The full token is displayed only once after creation. If you lose it, delete the token and create a new one.
- Copy or download the token now and store it securely (secret manager, vault, or environment variable).
Use API token
Authenticate every HTTP request with the token as a bearer credential.
-
Set the API origin to your tenant base URL and append the endpoint path.
https://<your-tenant>.atlan.com -
Add the HTTP header to every request:
Authorization: Bearer {token}For example, if the token value is
eyJhbGciOi..., set the header as:Authorization: Bearer eyJhbGciOi...