Resources/The Agent API Atlas/Data/Databricks

Everything an AI agent can do with the Databricks API.

A reference guide for building AI agents: every method, how to authenticate, and the permissions each one needs.

Endpoints40

API version2.1

Last updated23 June 2026

Orientation

How the Databricks API works.

The Databricks API is how an app or AI agent works with a Databricks workspace: running jobs and clusters, executing SQL on a warehouse, and reading the catalogs, schemas, and tables in its data hierarchy. Access is granted through a bearer token, either an OAuth token or a personal access token, and what that token can reach is set by workspace permissions on objects like jobs and by Unity Catalog privileges on the data, rather than per-endpoint scopes. Databricks also ships managed servers that expose its tools to agents, with the same permissions always enforced.

40Endpoints

9Capability groups

19Read

21Write

14Permissions

Authentication

Every call uses a bearer token in the Authorization header. The token is an OAuth access token or a personal access token, tied to either a user or a service principal. Databricks recommends OAuth over personal access tokens, with machine-to-machine OAuth, using a service principal's client ID and secret to mint a one-hour token, as the path for unattended automation and agents. The REST API answers at a per-workspace host, while account administration uses a separate account host.

Permissions

Access is governed by two layers, not by per-endpoint OAuth scopes. Workspace objects like jobs, clusters, warehouses, notebooks, and secret scopes use access control lists with levels such as CAN_VIEW, CAN_RUN, CAN_MANAGE_RUN, and CAN_MANAGE. Data is governed separately by Unity Catalog privileges on a catalog, schema, table, or volume, like USE CATALOG, USE SCHEMA, SELECT, MODIFY, READ VOLUME, and WRITE VOLUME, which inherit downward, so a grant on a catalog reaches its schemas and tables. USE CATALOG and USE SCHEMA are required to reach anything inside, and act as a boundary an owner controls. A token's reach is the intersection of its identity's object ACLs and Unity Catalog grants.

Versioning

Databricks versions each API surface with a number in the path rather than one account-wide version. The Jobs API is at 2.1, while clusters, SQL warehouses, SQL Statement Execution, files, workspace, and secrets sit at 2.0, and account-level APIs run their own versions. The platform ships dated release notes for behavioral changes, and an integration pins the path version it calls and moves up when a new one is released.

Data model

Databricks is a workspace with compute and a governed data hierarchy. Compute is jobs, all-purpose clusters, and SQL warehouses; an agent triggers work with run-now or runs SQL through the Statement Execution API. Data lives in Unity Catalog as a three-level namespace, catalog then schema then table, view, volume, function, or model, governed by privileges that inherit down. Files sit in Unity Catalog volumes or the older DBFS store, notebooks live in the workspace folder tree, and secrets hold credentials in scopes with their own access control lists.

Connect & authenticate

Connection & authentication methods.

How an app or AI agent connects to Databricks determines what it can reach. There is a route for calling the workspace REST API, and a set of hosted servers that expose Databricks tools to agents, each governed by the token behind it and the workspace and Unity Catalog permissions that token carries.

Ways to connect

REST API

The workspace REST API answers at the per-workspace host, like https://.cloud.databricks.com, and is versioned per surface in the path: jobs at 2.1, and clusters, SQL, files, workspace, and secrets at 2.0. A call authenticates with a bearer token, either a personal access token or an OAuth token. Account-level administration uses a separate account host.

Best forConnecting an app or AI agent to a Databricks workspace.

Governed byThe token, the workspace object ACLs, and Unity Catalog privileges it carries.

Docs ↗

Managed MCP servers (Model Context Protocol)

Databricks ships managed Model Context Protocol servers, in Public Preview, that expose workspace tools to AI agents at the per-workspace host. The paths are /api/2.0/mcp/functions/{catalog}/{schema} for Unity Catalog functions, /api/2.0/mcp/vector-search/{catalog}/{schema} for vector search indexes, /api/2.0/mcp/genie/{space_id} for a Genie space, and /api/2.0/mcp/sql for SQL. Unity Catalog permissions are always enforced, and on-behalf-of-user auth uses OAuth scopes, one per server.

Best forConnecting an AI agent to Databricks data and functions through MCP.

Governed byUnity Catalog permissions, and the OAuth grant or token behind the call.

Docs ↗

SQL Statement Execution API

A dedicated REST surface at /api/2.0/sql/statements runs SQL on a SQL warehouse without a database driver. A statement can run synchronously up to a wait timeout or asynchronously with a statement id to poll, and results come back inline or as external links. What the statement can read or change is gated by the running identity's Unity Catalog grants.

Best forRunning SQL queries against Databricks data from an app or AI agent.

Governed byThe token, CAN_USE on the warehouse, and Unity Catalog privileges.

Docs ↗

Authentication

OAuth machine-to-machine (service principal)

A service principal authenticates with its client ID and an OAuth secret using the client-credentials grant, with scope all-apis, and receives a one-hour access token sent as a bearer token. This is the recommended way for unattended automation and agents to connect, because the identity is a non-human service principal rather than a person.

TokenOAuth bearer access token (1-hour lifetime)

Best forUnattended automation and agents running as a service principal

Docs ↗

OAuth user-to-machine

A user signs in through the OAuth authorization-code flow and the app receives a short-lived access token plus a refresh token, acting with that user's identity and permissions. It suits interactive tools and apps that act on behalf of a signed-in person.

TokenOAuth bearer access token plus refresh token

Best forInteractive apps acting on behalf of a signed-in user

Docs ↗

Personal access token

A personal access token is a long-lived bearer string tied to a user or service principal, sent in the Authorization header. It is simple to use but does not expire on its own, so Databricks recommends OAuth over personal access tokens for new integrations, and workspace admins can disable token creation.

TokenBearer personal access token (dapi...)

Best forQuick scripts and tools where OAuth is not yet wired up

Docs ↗

Capability map

What an AI agent can do in Databricks.

The Databricks API is split into areas an agent can act on, like jobs, clusters, SQL warehouses, queries, the Unity Catalog data hierarchy, files, notebooks, and secrets. Each area has its own methods, and writes in some areas run compute, move data, or change who can reach what.

Jobs

10 endpoints

Create, read, list, update, reset, and delete jobs, trigger a run with run-now, and read or cancel job runs.

Running a job spends compute and runs real code.

View endpoints →

Clusters

4 endpoints

Create, list, start, and terminate all-purpose compute clusters.

Starting a cluster spends compute until it is terminated.

View endpoints →

SQL Warehouses

4 endpoints

Create, list, start, and stop SQL warehouses, the compute behind SQL queries.

A running warehouse spends compute until it is stopped.

View endpoints →

SQL Statement Execution

3 endpoints

Run a SQL statement on a warehouse, poll for its result, and cancel a running statement.

A statement can read or change any data the warehouse and grants allow.

View endpoints →

Unity Catalog

5 endpoints

List and read catalogs, schemas, and tables, the three-level data hierarchy, and read or change the grants on them.

A grant change moves the boundary of who can reach the data.

View endpoints →

Files & DBFS

5 endpoints

Upload, download, and delete files in Unity Catalog volumes, and read or write files in the older DBFS store.

A write here changes real file data.

View endpoints →

Workspace (notebooks)

3 endpoints

Import and export notebooks and list the workspace folder tree.

An import overwrites notebook source in the workspace.

View endpoints →

Secrets

3 endpoints

List secret scopes and the keys in a scope, and write a secret value.

Writing a secret stores a credential other code can read.

View endpoints →

Service principals

3 endpoints

List, read, and create the non-human identities that agents and automation run as.

Creating a service principal adds an identity that can be granted access.

View endpoints →

Endpoint reference

Every Databricks API method.

Filter by method, access, or permission, or search any path. Select a row for version detail, rate limits, the related webhook event, and the source.

Hide deprecated

Method	Endpoint	What it does	Access	Permission	Version
Jobs Create, read, list, update, reset, and delete jobs, trigger a run with run-now, and read or cancel job runs.10
POST	`/api/2.1/jobs/create`	Create a new job from a definition of tasks and a schedule.	write	`CAN_MANAGE`	Current
Needs workspace access to create jobs; the caller becomes the job owner. Any Unity Catalog data the job touches is still gated by the running identity's grants. Acts onjob Permission (capability)`CAN_MANAGE` VersionAvailable since the API’s base version Webhook eventNone Rate limit20 requests per second per workspace SourceOfficial documentation ↗
GET	`/api/2.1/jobs/get`	Get a single job's settings and metadata by job ID.	read	`CAN_VIEW`	Current
Read-only. Needs at least CAN_VIEW on the job. Acts onjob Permission (capability)`CAN_VIEW` VersionAvailable since the API’s base version Webhook eventNone Rate limit20 requests per second per workspace SourceOfficial documentation ↗
GET	`/api/2.1/jobs/list`	List jobs in the workspace, paginated.	read	`CAN_VIEW`	Current
Read-only. Returns the jobs the caller can see. Acts onjob Permission (capability)`CAN_VIEW` VersionAvailable since the API’s base version Webhook eventNone Rate limit20 requests per second per workspace SourceOfficial documentation ↗
POST	`/api/2.1/jobs/update`	Partially update a job's settings, leaving unspecified fields unchanged.	write	`CAN_MANAGE`	Current
Needs CAN_MANAGE on the job. Use reset to replace all settings instead. Acts onjob Permission (capability)`CAN_MANAGE` VersionAvailable since the API’s base version Webhook eventNone Rate limit10 requests per second per workspace SourceOfficial documentation ↗
POST	`/api/2.1/jobs/reset`	Overwrite all settings for a job with a new definition.	write	`CAN_MANAGE`	Current
Needs CAN_MANAGE on the job. Unlike update, this replaces every field. Acts onjob Permission (capability)`CAN_MANAGE` VersionAvailable since the API’s base version Webhook eventNone Rate limit20 requests per second per workspace SourceOfficial documentation ↗
POST	`/api/2.1/jobs/delete`	Delete a job.	write	`CAN_MANAGE`	Current
Needs CAN_MANAGE on the job. Removes the job definition and its run history. Acts onjob Permission (capability)`CAN_MANAGE` VersionAvailable since the API’s base version Webhook eventNone Rate limit10 requests per second per workspace SourceOfficial documentation ↗
POST	`/api/2.1/jobs/run-now`	Trigger a one-off run of an existing job, optionally passing parameters.	write	`CAN_MANAGE_RUN`	Current
Needs CAN_MANAGE_RUN on the job. The run executes real code and spends compute. The job runs as its configured identity, whose Unity Catalog grants gate the data it reaches. Acts onjob run Permission (capability)`CAN_MANAGE_RUN` VersionAvailable since the API’s base version Webhook eventNone Rate limit20 requests per second per workspace SourceOfficial documentation ↗
GET	`/api/2.1/jobs/runs/list`	List runs for a job or the whole workspace, paginated.	read	`CAN_VIEW`	Current
Read-only. Acts onjob run Permission (capability)`CAN_VIEW` VersionAvailable since the API’s base version Webhook eventNone Rate limit30 requests per second per workspace SourceOfficial documentation ↗
GET	`/api/2.1/jobs/runs/get`	Get the metadata, state, and tasks of a single job run.	read	`CAN_VIEW`	Current
Read-only. Acts onjob run Permission (capability)`CAN_VIEW` VersionAvailable since the API’s base version Webhook eventNone Rate limit100 requests per second per workspace SourceOfficial documentation ↗
POST	`/api/2.1/jobs/runs/cancel`	Cancel an active job run.	write	`CAN_MANAGE_RUN`	Current
Needs CAN_MANAGE_RUN on the job. Stops the run, which may leave partial work. Acts onjob run Permission (capability)`CAN_MANAGE_RUN` VersionAvailable since the API’s base version Webhook eventNone Rate limit10 requests per second per workspace SourceOfficial documentation ↗
Clusters Create, list, start, and terminate all-purpose compute clusters.4
POST	`/api/2.0/clusters/create`	Create an all-purpose compute cluster.	write	`CAN_MANAGE`	Current
Needs the Allow unrestricted cluster creation entitlement or a cluster policy. A running cluster spends compute. Acts oncluster Permission (capability)`CAN_MANAGE` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/api/2.0/clusters/list`	List all-purpose clusters in the workspace.	read	`CAN_VIEW`	Current
Read-only. Acts oncluster Permission (capability)`CAN_VIEW` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/api/2.0/clusters/start`	Start a terminated cluster by ID.	write	`CAN_RESTART`	Current
Needs at least CAN_RESTART on the cluster. The cluster spends compute once running. Acts oncluster Permission (capability)`CAN_RESTART` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/api/2.0/clusters/delete`	Terminate a cluster. The cluster definition is retained and can be started again.	write	`CAN_RESTART`	Current
Despite the name, this terminates rather than permanently removes; use permanent-delete to remove the definition. Needs at least CAN_RESTART. Acts oncluster Permission (capability)`CAN_RESTART` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
SQL Warehouses Create, list, start, and stop SQL warehouses, the compute behind SQL queries.4
POST	`/api/2.0/sql/warehouses`	Create a SQL warehouse, the compute that runs SQL queries.	write	`CAN_MANAGE`	Current
Needs workspace access and the cluster-creation entitlement. A running warehouse spends compute. Acts onwarehouse Permission (capability)`CAN_MANAGE` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/api/2.0/sql/warehouses`	List SQL warehouses the caller can access.	read	`CAN_VIEW`	Current
Read-only. Acts onwarehouse Permission (capability)`CAN_VIEW` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/api/2.0/sql/warehouses/{id}/start`	Start a stopped SQL warehouse.	write	`CAN_USE`	Current
Needs at least CAN_USE on the warehouse. It spends compute once running. Acts onwarehouse Permission (capability)`CAN_USE` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/api/2.0/sql/warehouses/{id}/stop`	Stop a running SQL warehouse.	write	`CAN_USE`	Current
Needs at least CAN_USE on the warehouse. Acts onwarehouse Permission (capability)`CAN_USE` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
SQL Statement Execution Run a SQL statement on a warehouse, poll for its result, and cancel a running statement.3
POST	`/api/2.0/sql/statements`	Submit a SQL statement to run on a warehouse, with a chosen catalog, schema, and result format.	write	`CAN_USE`	Current
Marked write because a statement can be a write (INSERT, UPDATE, DELETE, CREATE). Needs CAN_USE on the warehouse, and the running identity's Unity Catalog grants decide which tables it can read or change. A wait_timeout of 0 to 50 seconds controls how long the call waits before returning a statement id to poll. Acts onstatement Permission (capability)`CAN_USE` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/api/2.0/sql/statements/{statement_id}`	Get the status and result of a submitted statement by polling its ID.	read	`CAN_USE`	Current
Read-only. Used to fetch results when the execute call returned before the statement finished. Acts onstatement Permission (capability)`CAN_USE` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/api/2.0/sql/statements/{statement_id}/cancel`	Cancel a running statement execution.	write	`CAN_USE`	Current
Stops execution; a partially applied write is not rolled back automatically. Acts onstatement Permission (capability)`CAN_USE` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Unity Catalog List and read catalogs, schemas, and tables, the three-level data hierarchy, and read or change the grants on them.5
GET	`/api/2.1/unity-catalog/catalogs`	List catalogs, the top level of the data hierarchy, that the caller can see.	read	`USE CATALOG`	Current
Read-only. Returns catalogs the identity can use or browse. Acts oncatalog Permission (capability)`USE CATALOG` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/api/2.1/unity-catalog/schemas`	List schemas within a catalog.	read	`USE SCHEMA`	Current
Read-only. Needs USE CATALOG on the parent catalog and USE SCHEMA on the schema. Acts onschema Permission (capability)`USE SCHEMA` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/api/2.1/unity-catalog/tables`	List tables within a schema.	read	`SELECT`	Current
Read-only. Listing needs USE CATALOG and USE SCHEMA; reading the table's data needs SELECT on the table. Acts ontable Permission (capability)`SELECT` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/api/2.1/unity-catalog/permissions/{securable_type}/{full_name}`	Read the grants on a securable object, like a catalog, schema, or table.	read	`MANAGE`	Current
Read-only. Shows who has which privilege on the object. Requires ownership or MANAGE to see the full grant set. Acts ongrant Permission (capability)`MANAGE` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
PATCH	`/api/2.1/unity-catalog/permissions/{securable_type}/{full_name}`	Grant or revoke privileges on a securable object.	write	`MANAGE`	Current
Changes who can reach the data. Requires ownership of the object or the MANAGE privilege on it. Acts ongrant Permission (capability)`MANAGE` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Files & DBFS Upload, download, and delete files in Unity Catalog volumes, and read or write files in the older DBFS store.5
PUT	`/api/2.0/fs/files{file_path}`	Upload a file to a Unity Catalog volume path.	write	`WRITE VOLUME`	Current
Needs WRITE VOLUME on the volume, plus USE CATALOG and USE SCHEMA on its parents. Paths look like /Volumes/{catalog}/{schema}/{volume}/{path}. Acts onfile Permission (capability)`WRITE VOLUME` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/api/2.0/fs/files{file_path}`	Download a file from a Unity Catalog volume path.	read	`READ VOLUME`	Current
Needs READ VOLUME on the volume, plus USE CATALOG and USE SCHEMA on its parents. Acts onfile Permission (capability)`READ VOLUME` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
DELETE	`/api/2.0/fs/files{file_path}`	Delete a file from a Unity Catalog volume path.	write	`WRITE VOLUME`	Current
Needs WRITE VOLUME on the volume. Acts onfile Permission (capability)`WRITE VOLUME` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/api/2.0/dbfs/put`	Write a file to the older Databricks File System (DBFS) store.	write	—	Current
DBFS predates Unity Catalog and is not governed by its grants; access is at the workspace level. Databricks recommends volumes over DBFS for new work. Limited to 30 requests per second per workspace across the /dbfs surface. Acts ondbfs file Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limit30 requests per second per workspace (whole /dbfs surface) SourceOfficial documentation ↗
GET	`/api/2.0/dbfs/read`	Read the contents of a file in DBFS.	read	—	Current
Read-only. Shares the 30 requests per second per workspace limit on the /dbfs surface. Acts ondbfs file Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limit30 requests per second per workspace (whole /dbfs surface) SourceOfficial documentation ↗
Workspace (notebooks) Import and export notebooks and list the workspace folder tree.3
POST	`/api/2.0/workspace/import`	Import a notebook or file into the workspace folder tree.	write	`CAN_MANAGE`	Current
With overwrite set, replaces existing notebook source. Needs CAN_MANAGE on the target folder. Limited to 30 requests per second per workspace. Acts onnotebook Permission (capability)`CAN_MANAGE` VersionAvailable since the API’s base version Webhook eventNone Rate limit30 requests per second per workspace SourceOfficial documentation ↗
GET	`/api/2.0/workspace/export`	Export a notebook or file from the workspace, in a chosen format.	read	`CAN_READ`	Current
Read-only. Needs at least CAN_READ on the object. Limited to 60 requests per second per workspace. Acts onnotebook Permission (capability)`CAN_READ` VersionAvailable since the API’s base version Webhook eventNone Rate limit60 requests per second per workspace SourceOfficial documentation ↗
GET	`/api/2.0/workspace/list`	List the contents of a workspace folder.	read	`CAN_READ`	Current
Read-only. Limited to 50 requests per second per workspace. Acts onnotebook Permission (capability)`CAN_READ` VersionAvailable since the API’s base version Webhook eventNone Rate limit50 requests per second per workspace SourceOfficial documentation ↗
Secrets List secret scopes and the keys in a scope, and write a secret value.3
GET	`/api/2.0/secrets/scopes/list`	List the secret scopes available in the workspace.	read	—	Current
Read-only metadata. Lists scope names, not secret values. Acts onsecret scope Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limit1,100 requests per minute per workspace (whole Secrets surface) SourceOfficial documentation ↗
GET	`/api/2.0/secrets/list`	List the secret keys stored in a scope.	read	`READ`	Current
Needs READ on the scope ACL. Returns key names and metadata only; secret values cannot be read back through this API. Acts onsecret Permission (capability)`READ` VersionAvailable since the API’s base version Webhook eventNone Rate limit1,100 requests per minute per workspace (whole Secrets surface) SourceOfficial documentation ↗
POST	`/api/2.0/secrets/put`	Create or update a secret value in a scope.	write	`WRITE`	Current
Needs WRITE (or MANAGE) on the scope ACL. Stores a credential that workloads with READ can use at run time. Acts onsecret Permission (capability)`WRITE` VersionAvailable since the API’s base version Webhook eventNone Rate limit1,100 requests per minute per workspace (whole Secrets surface) SourceOfficial documentation ↗
Service principals List, read, and create the non-human identities that agents and automation run as.3
GET	`/api/2.0/preview/scim/v2/ServicePrincipals`	List the service principals in the workspace.	read	—	Current
Read-only. The workspace SCIM surface is limited to 255 GET requests per minute per workspace. Acts onservice principal Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limit255 GET requests per minute per workspace (workspace SCIM surface) SourceOfficial documentation ↗
GET	`/api/2.0/preview/scim/v2/ServicePrincipals/{id}`	Get a single service principal by ID.	read	—	Current
Read-only. Acts onservice principal Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limit255 GET requests per minute per workspace (workspace SCIM surface) SourceOfficial documentation ↗
POST	`/api/2.0/preview/scim/v2/ServicePrincipals`	Create a service principal, a non-human identity for automation.	write	—	Current
Restricted to workspace admins. The new identity can then be granted workspace and Unity Catalog access. Limited to 35 write requests per minute per workspace on the SCIM surface. Acts onservice principal Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limit35 POST/PUT/DELETE requests per minute per workspace (workspace SCIM surface) SourceOfficial documentation ↗

No endpoints match those filters.

Webhooks

Webhook events.

Databricks does not publish a single general-purpose webhook product across the platform. Events are surfaced in narrower ways instead, like job run notifications and the MLflow model registry webhooks, each tied to its own feature rather than a shared event stream.

Event	What it signals	Triggered by

No events match that search.

Rate limits & pagination

Rate limits, pagination & request size.

Databricks limits how fast an app or AI agent can call, through per-endpoint request rates measured per second and set per workspace. Going over returns a 429 response.

Request rate

Databricks rate-limits by endpoint, set per workspace and measured per second or per minute, rather than by one account-wide quota. The Jobs API gives /jobs/run-now and /jobs/create 20 requests per second, /jobs/runs/get 100 per second, /jobs/runs/list 30 per second, and /jobs/update and /jobs/runs/cancel 10 per second. The DBFS surface is held to 30 requests per second across /dbfs, the Secrets surface to 1,100 requests per minute, and the workspace SCIM surface to 255 GET requests per minute. Each endpoint's documented limit is shown on its row where Databricks publishes one. Going over returns HTTP 429 with the error_code REQUEST_LIMIT_EXCEEDED, and the caller should back off and retry.

Pagination

List endpoints page with a token model: a request returns a page of results plus a next_page_token, which is passed as page_token on the next call until no token comes back. Page size is set with max_results or page_size, which caps per endpoint, for example 25 for jobs/list and 100 for the SCIM service-principals surface. The older DBFS and some 2.0 endpoints instead page by offset and limit.

Request size

A SQL statement returns results inline when small, and switches to external links (presigned URLs) for large result sets, so a single response stays bounded; an inline chunk is capped at 25 MiB. File uploads through the UI are capped at 5 GB, while the Files API and the SDK handle larger files. A workspace file is capped at 500 MB, and a notebook at 10,000 cells.

Errors

Status codes & error handling.

The status codes an agent should handle, and what to do about each.

Status	Code	Meaning	What to do
400	`BAD_REQUEST / INVALID_PARAMETER_VALUE`	The request is malformed or a parameter value is invalid, such as a missing required field or a value out of range. The body holds an error_code and a human-readable message.	Read the message, correct the named parameter, and resend. The request is not retryable as-is.
401	`UNAUTHENTICATED`	The request has no valid authentication credentials, such as a missing, malformed, or expired token. OAuth machine-to-machine tokens last only one hour.	Send a valid bearer token, and refresh an expired OAuth token before retrying.
403	`PERMISSION_DENIED`	The caller is authenticated but lacks permission for the operation, such as a missing object ACL like CAN_MANAGE on a job, or a missing Unity Catalog privilege like SELECT on a table.	Grant the missing workspace ACL or Unity Catalog privilege to the calling identity, then retry.
404	`RESOURCE_DOES_NOT_EXIST`	The operation targets a resource that does not exist, or that the token cannot see.	Confirm the ID or path, and that the identity has access in the right workspace.
429	`REQUEST_LIMIT_EXCEEDED`	A per-endpoint or per-workspace rate limit was exceeded. Limits are measured per second or per minute per workspace and differ by endpoint.	Back off and retry with exponential backoff and jitter, and smooth the request rate.
500	`INTERNAL_ERROR`	An error on the Databricks side, which can also appear as 503 or 504.	Retry with backoff for an idempotent call, and contact Databricks support if it persists.

Versioning & freshness

Version history.

Databricks versions each API surface by a number in the path, so the Jobs API is at 2.1 while clusters, SQL, files, and secrets stay at 2.0. The platform itself ships dated release notes rather than a single dated API version.

Version history

What changed, and when

Latest version2.1

2.1Current version

Jobs API 2.1 (current for jobs)

The Jobs API is at version 2.1 in its path, while most other workspace surfaces (clusters, SQL warehouses, SQL Statement Execution, files, workspace, secrets) are at 2.0. Databricks versions each API surface independently by a number in the path rather than minting one account-wide dated version. Version 2.1 added multi-task jobs and a richer run model over 2.0; new integrations should target 2.1 for jobs.

What changed

Jobs API 2.1 supports jobs with multiple tasks and task dependencies.
run-now, runs/get, runs/list, and runs/cancel operate on the multi-task run model.
Other surfaces (clusters, SQL, files, workspace, secrets) remain at 2.0.

2.0

Core workspace APIs (clusters, SQL, files, secrets)

Version 2.0 is the current version for most workspace surfaces: clusters, SQL warehouses, SQL Statement Execution, the Files and DBFS stores, the workspace notebook tree, and secrets. The Jobs API also had a 2.0, now superseded by 2.1 for new work. Behavioral changes across the platform ship through dated release notes rather than a new path version.

What changed

Clusters, SQL Warehouses, SQL Statement Execution, Files, DBFS, Workspace, and Secrets APIs are served at 2.0.
The Files API at /api/2.0/fs/files works with Unity Catalog volumes.
Jobs 2.0 is superseded by 2.1 for multi-task jobs.

An integration pins the path version per surface and moves up when a new one ships.

Databricks platform release notes ↗

Questions

Databricks API, answered.

How does an agent authenticate to Databricks?+

With a bearer token in the Authorization header. For unattended automation Databricks recommends OAuth machine-to-machine: a service principal sends its client ID and OAuth secret with grant_type=client_credentials and scope=all-apis, and gets back a one-hour access token. A user-facing app can use the OAuth user-to-machine flow to act as a signed-in person. Personal access tokens still work and are simple, but they are long-lived, so OAuth is preferred and admins can disable token creation.

What permissions does an endpoint need? Are there per-endpoint OAuth scopes?+

There are no fine-grained per-endpoint OAuth scopes for the platform token; the OAuth scope for the REST API is the broad all-apis. What an identity can actually do is decided by two permission layers instead. Workspace objects (jobs, clusters, warehouses, notebooks, secret scopes) use access control lists like CAN_VIEW, CAN_RUN, and CAN_MANAGE. Data is governed by Unity Catalog privileges (USE CATALOG, USE SCHEMA, SELECT, MODIFY, READ VOLUME, WRITE VOLUME) on catalogs, schemas, tables, and volumes. A call succeeds only where both the object ACL and the Unity Catalog grant allow it.

How does Unity Catalog govern what data a call can reach?+

Unity Catalog is a three-level namespace, catalog then schema then table or volume, and privileges are granted on those objects to a user, group, or service principal. Privileges inherit downward, so SELECT granted on a catalog applies to its current and future tables. Reaching any object also needs USE CATALOG on its catalog and USE SCHEMA on its schema, which act as a boundary the catalog or schema owner controls even if a table owner grants SELECT. So the same token can run a query while being limited to exactly the tables its grants cover.

Does Databricks have webhooks for events?+

There is no single general-purpose webhook product across the platform. Events are surfaced in narrower, feature-specific ways instead: a job can send run notifications (success, failure, start) to email or a system destination like Slack or a webhook URL, and the MLflow model registry has its own webhooks for model lifecycle events. For most state, an integration polls the relevant API, for example jobs/runs/get for a run's status or the Statement Execution API for a query result.

What are the rate limits, and what happens when I exceed them?+

Limits are per endpoint and per workspace, measured per second or per minute, not one account-wide quota. For example /jobs/run-now allows 20 requests per second, /jobs/runs/get 100 per second, the whole /dbfs surface 30 per second, and the Secrets surface 1,100 per minute. Exceeding a limit returns HTTP 429 with the error_code REQUEST_LIMIT_EXCEEDED. The fix is exponential backoff with jitter and smoothing the call rate; many of these limits are fixed and not raised on request.

How do I run a SQL query through the API?+

Use the Statement Execution API. POST to /api/2.0/sql/statements with the SQL text, a warehouse_id, and optionally a catalog and schema. If the result is ready within the wait_timeout (0 to 50 seconds) it comes back inline; otherwise the response returns a statement_id to poll with GET /api/2.0/sql/statements/{statement_id}, and a running statement can be cancelled. The query runs as the calling identity, so its Unity Catalog grants decide which tables it can read or change.

Does Databricks have an official MCP server for AI agents?+

Yes. Databricks ships managed Model Context Protocol servers, in Public Preview, hosted at the per-workspace host. There are servers for Unity Catalog functions, vector search indexes, a Genie space, and SQL, at paths under /api/2.0/mcp/. Unity Catalog permissions are always enforced, and on-behalf-of-user auth uses an OAuth scope per server, so an agent connected through MCP reaches only the data and tools the user is allowed.

What is Bollard AI?

Control what every AI agent can do in Databricks.

Bollard AI sits between a team's AI agents and Databricks. Grant each agent exactly the access it needs, read or write, area by area, and every call is checked and logged.

Set read, write, or full access per agent, never a shared Databricks token.
Denied by default, so an agent reaches only what has been explicitly allowed.
Every call recorded in plain English: who, what, where, and the decision.

Control Databricks access in Bollard Browse all APIs →

Databricks

Data Agent

Run SQL on a warehouse ActionOffReadFull use

Read catalogs and tables ResourceOffReadFull use

Start and stop clusters ActionOffReadFull use

Run jobs ActionOffReadFull use

Read secrets ResourceOffReadFull use

Per-agent access, set in Bollard AI, not in Databricks

How the Databricks API works.

Connection & authentication methods.

REST API

Managed MCP servers (Model Context Protocol)

SQL Statement Execution API

OAuth machine-to-machine (service principal)

OAuth user-to-machine

Personal access token

What an AI agent can do in Databricks.

Jobs

Clusters

SQL Warehouses

SQL Statement Execution

Unity Catalog

Files & DBFS

Workspace (notebooks)

Secrets

Service principals

Every Databricks API method.

Jobs

Clusters

SQL Warehouses

SQL Statement Execution

Unity Catalog

Files & DBFS

Workspace (notebooks)

Secrets

Service principals

Webhook events.

Rate limits, pagination & request size.

Request rate

Pagination

Request size

Status codes & error handling.

Version history.

What changed, and when

Databricks API, answered.

More data API guides for agents

Fivetran

Snowflake

dbt

BigQuery

Supabase

Airbyte

Control what every AI agent can do in Databricks.