Hi @Rajat-TVSM
Youโre absolutely right that Personal Access Tokens (PATs) are not considered a production best practice. For accessing Agent / Model Serving endpoints from outside Databricks, the recommended and supported approach for production is:
Service Principal authentication (OAuth-based)
- Create a Service Principal
- Grant it permissions on the serving endpoint
- Authenticate using short-lived OAuth tokens
- Call the Databricks Serving REST API from external systems
This approach provides proper security, token rotation, and governance, and is suitable for production workloads, CI/CD pipelines, and external applications.
PATs should be limited to development or proof-of-concept use cases only.
Optionally, for more enterprise-grade setups, an AI Gateway can be used in front of the serving endpoint to centralize authentication, rate limiting, and observability.
Hope this helps clarify the recommended production setup.
Gema.
