Kafka Configs Kafka Protocol Wire Format API Versions KIPs Errors Kafka Upgrade Config Advisor Flink SQL
conduktor.io ↗

Kafka CreateDelegationToken Request Wire Format v1 — Binary Protocol Layout

What is CreateDelegationToken?

Issues short-lived tokens that replace static SASL credentials, suited for job schedulers and ephemeral services. Tokens can be distributed to workers via a secure channel, eliminating the need to share the actual Kerberos keytab or SCRAM password.

Related Errors

DELEGATION_TOKEN_AUTHORIZATION_FAILED · DELEGATION_TOKEN_REQUEST_NOT_ALLOWED · INVALID_PRINCIPAL_TYPE

Wire Diagram

Request Header
message_size int32 · 4B
api_key int16 · 2B
api_version int16 · 2B
correlation_id int32 · 4B
client_id string
CreateDelegationTokenRequest v1
Renewers array
MaxLifetimeMs int64 · 8B
PrincipalType string
PrincipalName string

Schema & Example

Schema
{
  "Renewers": [{
      "PrincipalType": string,
      "PrincipalName": string
  }],
  "MaxLifetimeMs": int64
}
Example
{
  "Renewers": [{
      "PrincipalType": "User:alice",
      "PrincipalName": "User:alice"
  }],
  "MaxLifetimeMs": 0
}