Support Questions

NovSeek · ‎05-14-2026

I can get a Knox token from the Web UI in CDP Private Cloud, but is it possible to get it from the API without having to use the Web UI?

DianaTorres · ‎05-14-2026

Welcome to the Cloudera Community!

To help you get the best possible solution, I have tagged our Knox experts @niparmar @Scharan who may be able to assist you further.

Please keep us updated on your post, and we hope you find a satisfactory solution to your query.

Regards,

Diana Torres,
Senior Community Moderator

Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
Learn more about the Cloudera Community:
Community Guidelines
How to use the forum

vamsi_redd · ‎05-14-2026

@NovSeek,

You can try follwoing

curl -k -c cookies3.txt -L -u knox_user:knoxpass https://ccycloud-1.nightly-cm-my.root.comops.site:8443/gateway/homepage/knoxtoken/api/v1/token | jq -r '.access_token' > knox-access-token.txt

Knox token will be stored in knox-access-token.txt

[root@ccycloud-1.nightly-cm-my.root.comops.site ~]# curl -ku Token:eyJqa3UiOiJodHRwczovL2NjeWNsb3VkLTEubmlnaHRseS1jbS1teS5yb290LmNvbW9wcy5zaXRlOjg0NDMvZ2F0ZXdheS9ob21lcGFnZS9rbm94dG9rZW4vYXBpL3YxL2p3a3MuanNvbiIsImtpZCI6Ikh2cVJaVjBkRk1US0pGSEpUWnJiQjN1MWlHOVA2cGNsOFpFLWU5SzJXTzQiLCJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJrbm94dWkiLCJhdWQiOiJjZHAtcHJveHktdG9rZW4iLCJqa3UiOiJodHRwczovL2NjeWNsb3VkLTEubmlnaHRseS1jbS1teS5yb290LmNvbW9wcy5zaXRlOjg0NDMvZ2F0ZXdheS9ob21lcGFnZS9rbm94dG9rZW4vYXBpL3YxL2p3a3MuanNvbiIsImtpZCI6Ikh2cVJaVjBkRk1US0pGSEpUWnJiQjN1MWlHOVA2cGNsOFpFLWU5SzJXTzQiLCJpc3MiOiJLTk9YU1NPIiwiZXhwIjoxNzc4ODEyMTU3LCJtYW5hZ2VkLnRva2VuIjoidHJ1ZSIsImtub3guaWQiOiJiOThjYjNiMi0yNmNmLTQ1NTktOWJiMi1kNGRhOTljYjg0ODMifQ.wejWLyybDpYcGGsJF_VQA0GSSXAlLQsTM2H9z9-Yn-WWYfjzGq-a_h04ShEW0hgMaSuf2lVQKx16JKaNRk5-FPXP7EYLl1MFEmAsCMZjDFaRdcP8gqDOz6HDtWWveaQ51UiUOHpit2PsYZjxlu8MD_iOQn_Lpg92558VxiQKZdHO7lJbPQgDcOjPbbIPM-ZdpZOUbbJyj3Z1HsOfJHw2BogfpQe9TuLfN7MVjUvO5l6tbwh9qeV75jWBuiB6Iij6dp4lewKTrdaAIH-Hp8laCJbF13bPgFitOkg_fBln8dpJ8XNNoltriZLbZ01az1Oq4hY0iZSRbiglOJXP2F2miw https://ccycloud-1.nightly-cm-my.root.comops.site:8443/gateway/cdp-proxy-token/webhdfs/v1?op=LISTSTA...

{"FileStatuses":{"FileStatus":[{"accessTime":0,"blockSize":0,"childrenNum":12,"fileId":16415,"group":"hbase","length":0,"modificationTime":1778772940944,"owner":"hbase","pathSuffix":"hbase","permission":"755","replication":0,"storagePolicy":0,"type":"DIRECTORY"},{"accessTime":0,"blockSize":0,"childrenNum":1,"fileId":16386,"group":"supergroup","length":0,"modificationTime":1778513008087,"owner":"hdfs","pathSuffix":"ranger","permission":"755","replication":0,"storagePolicy":0,"type":"DIRECTORY"},{"accessTime":0,"blockSize":0,"childrenNum":0,"fileId":16417,"group":"solr","length":0,"modificationTime":1778513048696,"owner":"solr","pathSuffix":"solr-infra","permission":"775","replication":0,"storagePolicy":0,"type":"DIRECTORY"},{"accessTime":0,"blockSize":0,"childrenNum":3,"fileId":16412,"group":"supergroup","length":0,"modificationTime":1778516233701,"owner":"hdfs","pathSuffix":"tmp","permission":"1777","replication":0,"storagePolicy":0,"type":"DIRECTORY"},{"accessTime":0,"blockSize":0,"childrenNum":13,"fileId":16394,"group":"supergroup","length":0,"modificationTime":1778578527265,"owner":"hdfs","pathSuffix":"user","permission":"755","replication":0,"storagePolicy":0,"type":"DIRECTORY"},{"accessTime":0,"blockSize":0,"childrenNum":1,"fileId":16399,"group":"supergroup","length":0,"modificationTime":1778513044819,"owner":"hdfs","pathSuffix":"warehouse","permission":"755","replication":0,"storagePolicy":0,"type":"DIRECTORY"},{"accessTime":0,"blockSize":0,"childrenNum":1,"fileId":16407,"group":"supergroup","length":0,"modificationTime":1778513047786,"owner":"hdfs","pathSuffix":"yarn","permission":"755","replication":0,"storagePolicy":0,"type":"DIRECTORY"}]}}[root@ccycloud-1.nightly-cm-my.root.comops.site ~]#

NovSeek · ‎05-15-2026

Thanks for the reply. That is valid but not quite what I want to do. I am trying to do it without having the cookie.txt file. I think I need to set up an additional topology that has basic/ldap auth and use that to generate the Knox token.

steven-matison · ‎05-20-2026

@NovSeek I believe the sample above is just demonstrating use of API call. You should be able to complete the same outcome in any other manner (e.g. not curl to a text file) programaticallly against the CM/Knox api.

DianaTorres · ‎05-26-2026

@NovSeek Has the reply helped resolve your issue? If so, please mark the appropriate reply as the solution, as it will make it easier for others to find the answer in the future. If you are still experiencing the issue, can you provide more information? Thanks.

Regards,

Diana Torres,
Senior Community Moderator

Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
Learn more about the Cloudera Community:
Community Guidelines
How to use the forum

NovSeek · ‎05-27-2026

No it has not.

steven-matison · ‎05-28-2026

Here is another way...

Instead of basic auth (user/pass), you could use Kerberos to authenticate the request programmatically. This removes the need for hardcoded credentials.

Using Python (requests-kerberos):

Python 
import requests
from requests_kerberos import HTTPKerberosAuth

knox_url = "https://<knox-host>:8443/gateway/knoxsso/api/v1/token"
# This uses your existing kinit session
response = requests.get(knox_url, auth=HTTPKerberosAuth(), verify=False)

if response.status_code == 200:
    token_data = response.json()
    print(f"Your Token: {token_data['access_token']}")

Set up a Kerberos keytab for your service account, and use a script (Python or Java) to hit the Knox Token API using SPNEGO. This is the enterprise-standard way to automate Knox token generation without the Web UI or manual password entry.

I think there are quite a few alternatives here, java, nifi, etc

Support Questions

Is it possible to generate a Knox token pro-grammatically?