Generate an API token
This feature is exclusive to StarTree Self Serve trial users. The StarTree support team continues to be the preferred point of contact for existing customers to get help.
Before you generate an API token, you must create an organization in StarTree Cloud. For more information, see Get started with StarTree Cloud. Only an administrator can create an API token.
To generate a basic auth API token, do the following:
-
Open StarTree Cloud (opens in a new tab) in your browser.
-
Click an organization name in the list.
-
Click an environment name in the list.

-
Click the Workspaces tab, and then click a workspace name. Your workspace appears open to the General tab.
-
Click the Services tab.

- Click your Apache Pinot cluster's name.

-
Click the Pinot API Tokens tab.
-
Click Create Pinot API Token. Copy the token and save it for use in your production API calls or to use it for testing as this is the only time you will be able to do so.

Test the StarTree API token you just generated
Test the token you just generated using one of the following methods:
-
Use CURL and include the token in a
--header 'Authorization: ... '
parameter, like this:curl --location --request GET 'https://pinot.tls.tls-test.startree-dev.cloud/appconfigs' \ --header 'Authorization: Basic NGNlZmI4NDgwZjhmNGE3ODg2YTVjOWRhMTA1NmE3YjU6eVlHVVlsV1BVaU5OTjQ2bkZaY09vM2FUT3FJQ1AyYUFrMXF4VDVCOEFKUT0='
-
Use the Swagger API
- Add
Basic
(with the space) to the beginning of the token and then test it with the Swagger API Authorization button, pasting the combination into the dialog box that appears.
- Then, from the list in Swagger, find an API call you want to try and click the related Try it out button.
- Add
Add the proper credentials in the proper format everywhere you use the API token.
For example, if you are using Superset you must use base64
decoding and split the username/password sections out for your token. See Infer Pinot username and password from the Pinot API token.
If you are using Curl, the token uses Auth Basic and not Bearer.
Infer Pinot username and password from Pinot API token
In some applications like Superset or Trino, you might need to use the username/password format of the API token.
The API token is a base64 encoded string of the username and password separated by a colon. You can use https://www.base64decode.org/ (opens in a new tab) to convert your Pinot API token to "[username]:[password]" format.
For example:
Below is your Pinot API Token NGNlZmI4NDgwZjhmNGE3ODg2YTVjOWRhMTA1NmE3YjU6eVlHVVlsV1BVaU5OTjQ2bkZaY09vM2FUT3FJQ1AyYUFrMXF4VDVCOEFKUT0=
This is your converted Pinot API Token after the decoding:
4cefb8480f8f4a7886a5c9da1056a7b5:yYGUYlWPUiNNN46nFZcOo3aTOqICP2aAk1qxT5B8AJQ=
Where your username and password are separated by a colon within the decoded string.
username = 4cefb8480f8f4a7886a5c9da1056a7b5
password = yYGUYlWPUiNNN46nFZcOo3aTOqICP2aAk1qxT5B8AJQ=
As an alternative to the method above, you can use the following bash command to infer the username and password from the API token:
PINOT_API=NGNlZmI4NDgwZjhmNGE3ODg2YTVjOWRhMTA1NmE3YjU6eVlHVVlsV1BVaU5OTjQ2bkZaY09vM2FUT3FJQ1AyYUFrMXF4VDVCOEFKUT0=
PINOT_USERNAME=`echo ${PINOT_API} | base64 --decode | awk -F ':' '{print $1}'`
echo ${PINOT_USERNAME}
PINOT_PASSWORD=`echo ${PINOT_API} | base64 --decode | awk -F ':' '{print $2}'`
echo ${PINOT_PASSWORD}
The output is
4cefb8480f8f4a7886a5c9da1056a7b5
yYGUYlWPUiNNN46nFZcOo3aTOqICP2aAk1qxT5B8AJQ=