The Trifacta REST APIs support the following methods of authentication.
NOTE: You must submit authentication credentials with each request to the platform.
Authenticating user must be a valid user of the deployed instance of the Trifacta platform.
As request parameters, you can submit username/password under Basic Auth to any REST API endpoint.
NOTE: The user must have permissions to execute the endpoint action.
This example submits authentication requirements over HTTP, including the username and password (
|Required username and password.|
|Required paths and filenames for storage of send and receive HTTP cookies.|
Fully qualified name of the host of the Trifacta platform
Port number through which to access the Trifacta platform. Default is
In a single-sign on environment, you can use basic authentication to interact with the APIs.
NOTE: Enabling SSO integration with the Trifacta platform requires additional configuration. See Configure SSO for AD-LDAP.
However, some changes are required:
- Basic authentication to the gateway must be enabled as part of the configuration for the reverse proxy. This feature is enabled by default, but please verify that it has not been explicitly disabled in your environment. For more information, see Configure SSO for AD-LDAP.
- You must authenticate using the SSO principal as the username and the LDAP or AD password associated with that user.
- You must authenticate to the SSO gateway. In the Trifacta platform, this value corresponds to the
NOTE: For the protocol identifier, you can also use
https if SSL is enabled. See Install SSL Certificate.
|LDAP principal and password associated with that username.|
For more information, see Configure SSO for AD-LDAP.
In a Kerberos environment, credentials must be submitted with each request using the SPNEGO Auth method.
- Kerberos is a network authentication protocol for client/server applications.
- SPNEGO provides a mechanism for extending Kerberos to Web applications through HTTP.
- For more information on the differences, see https://msdn.microsoft.com/en-us/library/ms995330.aspx#http-sso-2_topic2.
Credentials are authenticated by the KDC for each request.
NOTE: SPNEGO must be enabled and configured for your REST client or programming library.
Example 1 - Embedded in Java:
SPNEGO requires a custom client. The following SPNEGO client enables submission of URL-based authentication parameters from within Java: http://docs.oracle.com/javase/6/docs/technotes/guides/security/jgss/lab/part5.html
Example 2 - Using cURL:
To use cURL:
Verify that your version of cURL supports GSS:
- Verify that
SPNEGOare in the output.
kinitand authenticate using the hadoop principal:
Enables SPNEGO use in cURL. This option requires a library built with GSS-API or SSPI support. If this option is used several times, only the first one is used. Use
--proxy-negotiateto enable Negotiate (SPNEGO) for proxy authentication.
Required username. However, this username is ignored. Instead, the principal used in
For more information:
Since each request requires credentials, logging out is not required.
This page has no comments.