Skip to main content

API access

API access enables software (services, schedulers, CLIs, scripts) to programmatically call Atlan APIs without an interactive user session. It's independent of SSO/UI sessions and uses bearer tokens supplied in each request. API category permissions are governed by the credential’s assigned role/subrole, while asset visibility is governed by assigned personas. API endpoints and payloads are unchanged; this section describes authentication and scope only.

Authentication options

Atlan supports the following authentication methods for API access, select the method that best fits your use case:

🔑

API tokens

Long-lived tokens for simple, backwards-compatible programmatic access

  • Single static token tied to a user or service account for direct HTTP API calls
  • Suited to quick scripts, local prototyping, and legacy tools that do not support OAuth
  • Simpler setup with no token exchange, but higher risk if leaked
  • Inherits the full permissions of the issuing account; use dedicated service accounts
  • Store in a secrets manager or environment variable; never embed in client-side code
View Setup Guide