Authentication and Security
Sign in to Tableau's REST API directly — no library — and know exactly what TSC does for you under the hood.
Why it matters
TSC wraps the REST API, but it doesn't cover every endpoint, and when something breaks you'll be reading raw REST responses. Signing in once by hand — POST the credentials XML, pull the token out, send it back as X-Tableau-Auth — is the fastest way to understand every Tableau API error you'll ever see.
Write a Python script using only the requests library that authenticates against the Tableau REST API: POST a signin request to /api/3.19/auth/signin with a Personal Access Token in the XML payload, parse the auth token and site id out of the response with xml.etree.ElementTree, make one authenticated call (list the site's workbooks) sending the token as the X-Tableau-Auth header, then sign out. Read the server URL, token name, token value, and site content-url from environment variables. On a 401, print which of the three likely causes it is: expired token, wrong site content-url, or wrong API version.
Step 1 — Creating a Personal Access Token
Step-by-Step PAT Creation
Access User Settings
Log into Tableau Server and navigate to your user account settings.
Navigate to Personal Access Tokens
Find the "Personal Access Tokens" section in your settings.
Create New Token
Click "Create New Token" and provide a descriptive name for your token.
Save Token Details
Copy and securely store both the token name and secret value.
Step 2 — Setting Up Your Environment
Environment Configuration
Before making API calls, set up your environment with the necessary credentials and configurations.
# Environment Variables
export TABLEAU_SERVER_URL="https://your-server.com"
export TABLEAU_TOKEN_NAME="your_token_name"
export TABLEAU_TOKEN_SECRET="your_token_secret"
export TABLEAU_SITE_NAME="your_site_name"
Important Security Note
Never hardcode credentials in your source code. Always use environment variables or secure configuration files.
Step 3 — Making Your First API Call
Authentication Request
Let's make your first authenticated request to the Tableau Server REST API to get an authentication token.
import requests
import xml.etree.ElementTree as ET
# Server configuration
server_url = "https://your-server.com"
api_version = "3.19"
site_name = "your_site_name"
# Authentication payload
auth_payload = f"""
<tsRequest>
<credentials personalAccessTokenName="{token_name}"
personalAccessTokenSecret="{token_secret}">
<site contentUrl="{site_name}" />
</credentials>
</tsRequest>
"""
# Make authentication request
auth_url = f"{server_url}/api/{api_version}/auth/signin"
response = requests.post(auth_url, data=auth_payload)
print(f"Status: {response.status_code}")
print(f"Response: {response.text}")
Success!
If successful, you'll receive an authentication token that can be used for subsequent API calls.
Step 4 — Best Practices and Next Steps
Authentication Best Practices
Do's
- • Use environment variables
- • Implement proper error handling
- • Set appropriate token expiration
- • Monitor token usage
Don'ts
- • Hardcode credentials
- • Share tokens publicly
- • Ignore authentication errors
- • Use overly broad permissions
Ready for the Knowledge Check!
Congratulations! You've completed all the tutorial steps. Now it's time to test your understanding with our knowledge check questions. Click "Complete Tutorial" to unlock the quiz.
Got what you came for? Mark the stop and the line fills in beneath you.