Skip to content

dataversefs

Authenticate

OceanNetworksCanada/dataversefs

Authenticate¶

Public Datasets¶

No token is needed. Simply omit the token argument:

import fsspec

fs = fsspec.filesystem(
    "dataverse",
    host="borealisdata.ca",
    pid="doi:10.5683/SP3/7HF3IC",
)

Restricted Datasets¶

Generate a token in the Dataverse web UI: Account → API Token → Generate Token.

Option 1 — Pass the token directly¶

fs = fsspec.filesystem(
    "dataverse",
    host="borealisdata.ca",
    pid="doi:10.5683/SP3/YOURDOI",
    token="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
)

Avoid hard-coding tokens in scripts that get committed to version control.

Option 2 — Environment variable via `.env`¶

Create a .env file in your project root (add it to .gitignore):

# .env
DATAVERSE_TOKEN=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

Load it at the top of your script or notebook:

import os
from dotenv import load_dotenv  # pip install python-dotenv

load_dotenv()

fs = fsspec.filesystem(
    "dataverse",
    host="borealisdata.ca",
    pid="doi:10.5683/SP3/YOURDOI",
    token=os.environ.get("DATAVERSE_TOKEN"),
)

Option 3 — `storage_options` dict (for Xarray / Zarr)¶

import os
import xarray as xr

storage_options = {
    "host": "borealisdata.ca",
    "pid": "doi:10.5683/SP3/YOURDOI",
    "token": os.environ.get("DATAVERSE_TOKEN"),
}

ds = xr.open_zarr(
    "dataverse://my_store.zarr",
    storage_options=storage_options,
    consolidated=False,
)

Token Security Notes¶

Tokens are sent as the X-Dataverse-key HTTP header.
Tokens can be revoked in the Dataverse web UI at any time.
Pre-signed S3 URLs (used for actual file data) do not carry the token — they are time-limited and scoped by Borealis during the 303 redirect.