https://community.databricks.com/t5/administration-architecture/oauth-api-for-service-user/m-p/120013#M3395 <P><a href="https://community.databricks.com/t5/user/viewprofilepage/user-id/165414">@andreapeterson</a>&nbsp;isn't it the API you are looking for?<BR /><A href="https://docs.databricks.com/api/azure/account/serviceprincipalsecrets/create" target="_blank">https://docs.databricks.com/api/azure/account/serviceprincipalsecrets/create</A></P><P>It is an account-level API, but, counterintuitively, when we create service principals in the workspace, they propagate into account behind the scene! If you <A href="https://docs.databricks.com/api/azure/account/accountserviceprincipals/create" target="_blank" rel="noopener">create</A> an account-level SP right away, it will not be added into any workspace, but can be added later using workspace-level <A href="https://docs.databricks.com/api/azure/workspace/serviceprincipals/create" target="_blank" rel="noopener">create</A> method. It is pretty confusing, because when we do that in the UI, these details are hidden from us. At least this is how it works in my Azure environment. It took me a while to realize that.</P><P>To summarize, in your case you need to try to create OAuth secret using the account-level API I gave, even though you created it in the workspace. Hopefully you have permissions to call account API in your org.</P> Fri, 23 May 2025 00:38:11 GMT vr 2025-05-23T00:38:11Z https://community.databricks.com/t5/administration-architecture/oauth-api-for-service-user/m-p/119901#M3386 <P>Is there a way to programmatically create an OAuth secret for for a workspace service principal via API/SDK? As of now, the only way I can see doing this is through UI</P> Wed, 21 May 2025 18:26:15 GMT https://community.databricks.com/t5/administration-architecture/oauth-api-for-service-user/m-p/119901#M3386 andreapeterson 2025-05-21T18:26:15Z https://community.databricks.com/t5/administration-architecture/oauth-api-for-service-user/m-p/119924#M3391 <P>Hi&nbsp;<a href="https://community.databricks.com/t5/user/viewprofilepage/user-id/165414">@andreapeterson</a>&nbsp;,</P> <P>Currently, there isn't support for creating OAuth secrets through the API, only through the UI in the admin console. You can create 'on behalf of' tokens through the API for service principals, but not an OAuth secret at the moment:&nbsp;<A href="https://docs.databricks.com/api/workspace/tokenmanagement/createobotoken" target="_blank">https://docs.databricks.com/api/workspace/tokenmanagement/createobotoken</A>&nbsp;</P> Wed, 21 May 2025 22:06:20 GMT https://community.databricks.com/t5/administration-architecture/oauth-api-for-service-user/m-p/119924#M3391 Shua42 2025-05-21T22:06:20Z https://community.databricks.com/t5/administration-architecture/oauth-api-for-service-user/m-p/119988#M3392 <P>Hi Shua,<BR />Thanks for responding. What is the difference between a token and OAuth? I only see OAuth in UI.&nbsp;<BR />Also, is adding OAuth secrets for a service principal via api on the road map for Databricks?</P> Thu, 22 May 2025 16:12:53 GMT https://community.databricks.com/t5/administration-architecture/oauth-api-for-service-user/m-p/119988#M3392 andreapeterson 2025-05-22T16:12:53Z https://community.databricks.com/t5/administration-architecture/oauth-api-for-service-user/m-p/120013#M3395 <P><a href="https://community.databricks.com/t5/user/viewprofilepage/user-id/165414">@andreapeterson</a>&nbsp;isn't it the API you are looking for?<BR /><A href="https://docs.databricks.com/api/azure/account/serviceprincipalsecrets/create" target="_blank">https://docs.databricks.com/api/azure/account/serviceprincipalsecrets/create</A></P><P>It is an account-level API, but, counterintuitively, when we create service principals in the workspace, they propagate into account behind the scene! If you <A href="https://docs.databricks.com/api/azure/account/accountserviceprincipals/create" target="_blank" rel="noopener">create</A> an account-level SP right away, it will not be added into any workspace, but can be added later using workspace-level <A href="https://docs.databricks.com/api/azure/workspace/serviceprincipals/create" target="_blank" rel="noopener">create</A> method. It is pretty confusing, because when we do that in the UI, these details are hidden from us. At least this is how it works in my Azure environment. It took me a while to realize that.</P><P>To summarize, in your case you need to try to create OAuth secret using the account-level API I gave, even though you created it in the workspace. Hopefully you have permissions to call account API in your org.</P> Fri, 23 May 2025 00:38:11 GMT https://community.databricks.com/t5/administration-architecture/oauth-api-for-service-user/m-p/120013#M3395 vr 2025-05-23T00:38:11Z https://community.databricks.com/t5/administration-architecture/oauth-api-for-service-user/m-p/120553#M3414 <P>This was exactly it! I do have permissions to call account api's in my org, however I did not realize I could call that api to make oauth secrets for other various&nbsp;<EM>workspace principals,&nbsp;</EM>so thank you so much for helping me and finding this and explaining that, it is confusing the propagation behind the scenes but I think I am finally getting the hang of it haha. Thank you again this was a great find</P> Thu, 29 May 2025 13:41:35 GMT https://community.databricks.com/t5/administration-architecture/oauth-api-for-service-user/m-p/120553#M3414 andreapeterson 2025-05-29T13:41:35Z