How do I log in to Kaggle's website?

You log in to Kaggle's website using your Google account. Kaggle uses Google OAuth 2.0 for web interface authentication, redirecting you to Google's sign-in page.

What is a Kaggle API token and why do I need it?

A Kaggle API token is a unique credential used for programmatic access to the Kaggle platform. You need it to interact with Kaggle's API from scripts or applications, for tasks like downloading datasets, uploading submissions, or managing notebooks.

How do I generate a Kaggle API token?

You generate an API token from your Kaggle account settings. Go to your profile, then 'My Account', and click 'Create New API Token' in the 'API' section to download the `kaggle.json` file.

Where should I store my `kaggle.json` file?

Place the `kaggle.json` file in the `~/.kaggle/` directory on your operating system (e.g., `C:\Users\YourUsername\.kaggle\` on Windows or `/home/yourusername/.kaggle/` on Linux/macOS). The Kaggle API client automatically looks for it there.

Is it safe to commit my `kaggle.json` file to Git?

No, it is not safe to commit your `kaggle.json` file to Git or any public version control system. This file contains sensitive credentials. Always add `kaggle.json` to your `.gitignore` file.

How can I enhance the security of my Kaggle account?

Enhance security by enabling Multi-Factor Authentication (MFA) on your linked Google account, restricting file permissions for `kaggle.json`, regularly reviewing and revoking old API tokens, and never sharing your credentials.

Can I use environment variables for Kaggle API authentication?

Yes, for more secure and flexible deployments, especially in CI/CD or shared environments, you can load your Kaggle API key and username from environment variables instead of the `kaggle.json` file.

Kaggle Authentication: Methods, Credentials, & Security (2026)

Kaggle authentication: primarily relies on API tokens for programmatic access to its platform, enabling users to interact with datasets, notebooks, and competitions via the Kaggle API. Users typically generate these tokens from their account settings, providing a secure method for scripts and applications to authenticate without exposing full user credentials.

Authentication overview

Kaggle, a platform for data science and machine learning, supports various authentication methods primarily focused on securing access to its web interface and programmatic interactions via its API. For web-based access, Kaggle leverages Google's robust OAuth 2.0 framework, allowing users to sign in securely using their Google accounts. This method centralizes identity management and often includes multi-factor authentication (MFA) provided by Google, enhancing overall account security. For automated tasks, such as uploading datasets, downloading competition data, or interacting with notebooks programmatically, Kaggle provides API tokens. These tokens are designed for non-interactive use and serve as a secure credential for scripts and applications.

The Kaggle API client, predominantly used with Python, facilitates these programmatic interactions. When making requests to the Kaggle API, the API client uses the credentials stored locally to authenticate the user. This approach ensures that sensitive login information is not embedded directly into code or exposed during API calls. Understanding the distinction between web UI authentication and API token authentication is crucial for developers and data scientists who wish to integrate Kaggle into their workflows or automate data-related tasks.

Supported authentication methods

Kaggle supports specific authentication methods tailored for both interactive web use and automated programmatic access. The choice of method depends on the context of the interaction.

Web Interface Authentication (Google OAuth 2.0)

For accessing the Kaggle website, including browsing datasets, participating in competitions, and managing notebooks through the browser, authentication is handled via Google accounts. This method utilizes the Google OAuth 2.0 protocol, where Kaggle delegates the authentication process to Google's identity services. When a user attempts to log in, they are redirected to Google's sign-in page, and upon successful authentication, Google issues an authorization grant back to Kaggle, which then grants access to the user's Kaggle account. This method benefits from Google's extensive security infrastructure, including advanced phishing protection and optional multi-factor authentication, which users can enable on their Google accounts.

API Token Authentication

For programmatic access to Kaggle's resources, such as uploading datasets, submitting competition entries, or interacting with Kaggle Kernels (notebooks) via scripts, API tokens are the primary authentication mechanism. An API token is a long, randomly generated string that acts as a secret key, uniquely identifying and authenticating a user's API requests. These tokens are generated by the user from their Kaggle account settings and are stored locally by the Kaggle API client. Each token is associated with a specific user account and grants access to resources that the user is authorized to access. API tokens are revocable, allowing users to invalidate them if they are compromised or no longer needed.

The following table summarizes the key authentication methods:

Method	When to Use	Security Level
Google Account (OAuth 2.0)	Interactive web access to Kaggle.com	High (Leverages Google's security infrastructure, including MFA options)
API Tokens	Programmatic access via Kaggle API (e.g., Python scripts, CLI)	High (If tokens are securely managed and stored)

Getting your credentials

To interact with Kaggle programmatically using the Kaggle API, you need to obtain an API token. This process involves generating a kaggle.json file from your Kaggle account settings. This file contains your username and API key, which the Kaggle API client uses to authenticate your requests.

Log in to Kaggle: Navigate to Kaggle.com and log in using your Google account.
Access Account Settings: Click on your profile picture in the top right corner and select 'My Account'.
Generate API Token: Scroll down to the 'API' section. Click the 'Create New API Token' button. This action will automatically download a file named kaggle.json to your computer.
Store kaggle.json: The kaggle.json file contains your API credentials. For the Kaggle API client to find it, you should place this file in the ~/.kaggle/ directory on your operating system. For example, on Linux/macOS, this would be /home/yourusername/.kaggle/kaggle.json, and on Windows, it would be C:\Users\YourUsername\.kaggle\kaggle.json. If the .kaggle directory does not exist, create it.

Once the kaggle.json file is correctly placed, the Kaggle API client (e.g., the kaggle Python package) will automatically detect and use these credentials for authentication when you make API calls. It's crucial to treat this file as a sensitive credential and protect it from unauthorized access, similar to how you would protect a password.

Authenticated request example

After setting up your API credentials, you can use the Kaggle API client to make authenticated requests. The following Python example demonstrates how to download a dataset using the kaggle library. This assumes you have already installed the library (pip install kaggle) and placed your kaggle.json file in the correct directory.

First, ensure the Kaggle API client is installed:

pip install kaggle

Then, you can use the following Python code to download a dataset. Replace "owner/dataset-name" with the actual dataset identifier (e.g., "titanic/titanic").

import kaggle
import os

# Initialize the Kaggle API client (it will automatically look for kaggle.json)
kaggle.api.authenticate()

# Example: Download a public dataset
# Replace 'titanic/titanic' with the owner/dataset-name you want to download
try:
    print("Downloading dataset...")
    kaggle.api.dataset_download_files('titanic/titanic', path='.', unzip=True)
    print("Dataset downloaded and unzipped successfully.")
    
    # List files in the current directory to verify download
    print("Files in current directory:")
    for filename in os.listdir('.'):
        print(f"- {filename}")

except Exception as e:
    print(f"An error occurred: {e}")
    print("Please ensure your API token is correctly set up and the dataset identifier is valid.")

This example demonstrates a basic authenticated interaction. The kaggle.api.authenticate() call implicitly uses the credentials from your kaggle.json file. If the authentication fails, it typically indicates an issue with the kaggle.json file's location, permissions, or validity.

Security best practices

Securing your Kaggle account and API credentials is vital to protect your data, competition submissions, and computational resources. Adhering to these best practices helps mitigate risks associated with unauthorized access:

Protect your kaggle.json file:
- Restrict file permissions: Ensure that only you can read and write to the kaggle.json file. On Linux/macOS, use chmod 600 ~/.kaggle/kaggle.json. On Windows, verify that the file's security settings grant access only to your user account.
- Avoid sharing: Never share your kaggle.json file or the API key contained within it with anyone. Treat it like a password.
- Do not commit to version control: Exclude kaggle.json from your version control systems (e.g., Git) by adding it to your .gitignore file. If you use a public repository, committing these credentials would expose your account.
Enable Multi-Factor Authentication (MFA) on your Google Account: Since Kaggle web access relies on Google accounts, enabling MFA on your Google account adds a critical layer of security. This requires a second form of verification (e.g., a code from your phone) in addition to your password, significantly reducing the risk of unauthorized access even if your password is compromised. You can manage these settings through your Google Account security page.
Regularly review and revoke API tokens: Periodically check your Kaggle account's API section for active tokens. If you suspect a token has been compromised, or if a project no longer requires API access, revoke the token immediately. You can generate new tokens as needed.
Use environment variables for sensitive data: For advanced deployments or when working in shared environments (e.g., CI/CD pipelines), consider loading API keys from environment variables instead of directly from files. This approach keeps sensitive information out of the filesystem and code.
Be cautious with third-party tools and integrations: When using third-party applications or services that integrate with Kaggle, ensure they are reputable and understand their security practices regarding your Kaggle credentials. Grant only the necessary permissions.
Keep your Kaggle API client updated: Ensure you are using the latest version of the kaggle Python package. Updates often include security patches and improvements.

Kaggle Authentication: Methods, Credentials, & Security (2026)

Authentication overview

Supported authentication methods

Web Interface Authentication (Google OAuth 2.0)

API Token Authentication

Getting your credentials

Authenticated request example

Security best practices

Frequently asked questions

Reviews

Discussion

Written by