How to retrieve the API token without using the web interface.
17 views
Skip to first unread message
Pedro Luis
Dec 22, 2025, 5:57:50 PM (2 days ago) Dec 22
to Dataverse Users Community
Dears,
We are working on installing and configuring Dataverse using scripts and RPilot, and a question has arisen.
I need the API token to execute some commands, but can I obtain this token without using the Dataverse web interface? For example, to insert a new role via the API, I need to declare the API_TOKEN variable in the environment. How can I get this token without accessing the web interface? Is this possible?
Thank you for your attention,
We are working on installing and configuring Dataverse using scripts and RPilot, and a question has arisen.
I need the API token to execute some commands, but can I obtain this token without using the Dataverse web interface? For example, to insert a new role via the API, I need to declare the API_TOKEN variable in the environment. How can I get this token without accessing the web interface? Is this possible?
Thank you for your attention,
Pedro Luís
Técnico em Tecnologia da Informação
Técnico em Tecnologia da Informação
Faculdade de Biblioteconomia e Comunicação
Universidade Federal do Rio Grande do Sul - Brazil
Philip Durbin
Dec 23, 2025, 11:36:38 AM (yesterday) Dec 23
to dataverse...@googlegroups.com
Hi Pedro Luis,
It's possible (for builtin users) with the database setting :AllowApiTokenLookupViaApi (setting it to "true") but it isn't recommended.
The history is that we got a similar request from OSF and others in https://github.com/IQSS/dataverse/issues/1818 when they integrated with Dataverse. Lookup of an API token (again for builtin users only) was implemented in Dataverse 4.0 but within a couple years, in the context of password guessing attacks, we disabled this functionality out-of-the-box and added the database setting above to turn it back on. See https://github.com/IQSS/dataverse/issues/3153#issuecomment-336222515
I'm emphasizing that the lookup only ever worked for builtin accounts because, in practice, most Dataverse installations have some sort of institutional login such as Shibboleth/SAML or OIDC turned on.
An alternative to API tokens are bearer tokens but the Dataverse installation must be set up to support them. See https://guides.dataverse.org/en/6.9/api/auth.html#bearer-tokens
Here's a related issue: https://github.com/gdcc/pyDataverse/issues/209
And a related conversation: #python > auth options @ 💬
Since you're talking about installing and configuring Dataverse, it reminds me of a recent conversation we had about auth and the admin API in the Containerization working group, which I summarized yesterday here: https://github.com/IQSS/dataverse/issues/7659#issuecomment-3684129288
I hope this helps! Please keep the questions coming!
Phil
--
You received this message because you are subscribed to the Google Groups "Dataverse Users Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dataverse-commu...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/dataverse-community/26121550-3d08-4e7c-87d1-2e51011896ccn%40googlegroups.com.
--
Philip Durbin
Software Developer for http://dataverse.org
http://www.iq.harvard.edu/people/philip-durbin
Software Developer for http://dataverse.org
http://www.iq.harvard.edu/people/philip-durbin
Reply all
Reply to author
Forward
0 new messages