The Tableau REST API lets you automate virtually every administrative task: publishing workbooks, managing users, triggering extract refreshes, querying site content, and more. Here is what the API can do and the patterns that save the most engineering time.
The quick answer
The Tableau REST API is a comprehensive HTTP API that gives you programmatic control over virtually every aspect of your Tableau Server or Tableau Cloud environment: publishing workbooks and data sources, managing users and permissions, triggering extract refreshes, querying site content, and monitoring server activity. If you are doing any of these tasks manually through the Tableau web interface on a regular basis, the REST API can automate them.
The Tableau REST API uses standard HTTP methods (GET, POST, PUT, DELETE) with JSON request and response bodies. Authentication is via Personal Access Tokens (PATs) or username/password credentials. The API is versioned — always use the highest API version compatible with your Tableau Server or Cloud version. The Tableau Server REST API documentation at help.tableau.com/current/api/rest_api is comprehensive.
What the REST API can do
### Content management
**Publishing**: programmatically publish workbooks (.twbx files), data sources (.tdsx files), and flows (.tflx files) to Tableau Server or Cloud. Useful for CI/CD pipelines where dashboard content is deployed from a git repository rather than published manually by developers. Use the publish endpoint with multipart form data.
**Querying content**: list all workbooks on a site, query workbooks by owner, project, tag, or last-modified date. Return workbook metadata (name, owner, project, URL, created/updated timestamps, connection count). Query views within a workbook. Query published data sources. Useful for content audits, orphaned content detection, and building custom content management interfaces.
**Downloading**: download workbooks and data sources programmatically. Useful for backup automation, content migration between sites or servers, and archiving content before decommissioning.
**Tagging**: add and remove tags on workbooks, data sources, and views. Useful for classification workflows — automating the application of governance tags (certified, deprecated, needs-review) based on content properties.
### User and permissions management
**User management**: create users, update user roles, remove users, query site user lists. Automate user onboarding (creating users and assigning them to groups and projects when they join an organisation) and offboarding (unlicensing users and removing group memberships when they leave).
**Group management**: create groups, add/remove users from groups. Bulk onboarding via group assignment — add users to groups that have pre-configured permissions on projects and content.
**Permission management**: set and query permissions on projects, workbooks, and data sources. Automate permission assignments based on group membership. Ensure that new projects are created with consistent permission structures.
**Download and usage**: query who has access to what content. Build a permissions inventory for security audits. Identify workbooks that are accessible to users who should not have access.
### Extract and pipeline management
**Triggering extract refreshes**: initiate an extract refresh job for any published data source or workbook with embedded data source. Useful for triggering refreshes on completion of upstream data pipeline runs, rather than relying on schedule-based refreshes that may fire before upstream data is ready.
**Querying job status**: monitor the status of refresh jobs — pending, in-progress, completed, failed. Build notification systems that alert on extract failures. Build dashboards that show extract health across all data sources on a site.
**Querying schedule information**: list configured schedules, identify data sources attached to schedules. Build audit views of extract schedule configuration.
### Site and server monitoring
**View usage metrics**: query the number of views for specific workbooks and data sources. Identify the most-used and least-used content. Build usage reporting dashboards that inform governance decisions (what to certify, what to deprecate, what to archive).
**Custom views**: query custom views that users have saved from published workbooks. Useful for identifying how users are using and customising published content.
**Server metrics via the Repository**: the Tableau Server PostgreSQL repository (on-premise Server only) provides deeper usage and performance metrics than the REST API — workbook render times, VizQL query times, extract sizes. The REST API covers administrative operations; the repository covers operational monitoring. For managed observability, the Server Management Add-on includes the Resource Monitoring Tool.
Authentication: Personal Access Tokens
Personal Access Tokens (PATs) are the recommended authentication mechanism for REST API automation. A PAT is created in the Tableau user interface and used in API requests instead of username/password credentials. PATs can be revoked without changing passwords; multiple PATs can be created per user for different automation workflows; PAT expiry and rotation are manageable.
To authenticate with a PAT: POST to /api/[version]/auth/signin with a JSON body containing the token name and token value. The response returns a credentials token and site ID for use in subsequent requests. This credentials token is a short-lived session token (not the PAT itself), included in the X-Tableau-Auth header of every subsequent request.
Do not embed PAT values in source code. Store PATs as environment variables or in a secrets manager (AWS Secrets Manager, Azure Key Vault, HashiCorp Vault). Rotate PATs periodically. Create service-account PATs for automation rather than using individual user PATs.
The Tableau Server Client library (Python)
Tableau provides an official Python library — tableau-server-client (TSC) — that wraps the REST API in a Python interface. Rather than constructing HTTP requests manually, you use Python objects and methods:
For example, to list all workbooks on a site, you sign in with tableau_auth (containing a PAT), create a TSC.Server object, and iterate over server.workbooks.get() which returns workbook objects with properties like name, project_name, owner_id, and tags.
To trigger an extract refresh, you query for data sources, find the one you want by name, and call server.datasources.refresh(target_datasource).
The TSC library is available via pip (pip install tableauserverclient). It is actively maintained by Tableau and covers the majority of REST API endpoints. For automation workflows, TSC is significantly faster to develop with than raw HTTP requests.
Common automation patterns
### CI/CD pipeline for dashboard deployment
Development teams working with Tableau content in git repositories use the REST API to deploy workbooks from a feature branch to a development site, from main to staging, and from staging to production. The publish endpoint replaces manual "Upload to Server" workflows.
A typical CI/CD flow: pull request triggers a Tableau content validation step (check workbook XML for required calculated fields, certified data source references, naming conventions). Merge to main triggers publish to development site. Manual promotion triggers publish to production site. The REST API handles publish; git handles versioning and review.
### Automated user lifecycle management
SCIM (System for Cross-domain Identity Management) integration, where supported, is preferable to REST API user management for large-scale provisioning. For environments without SCIM, the REST API automates user lifecycle:
Onboarding trigger (HR system webhook or scheduled job): query Tableau users, check if the new employee exists, create user if absent, assign to appropriate groups based on department and role, license at appropriate role level (Creator/Explorer/Viewer). Offboarding trigger: find user, remove from all groups, set licence to Unlicensed (rather than deleting, to preserve ownership audit trails for regulatory purposes). Quarterly licence audit: query all users, compare last-login-date, generate report of candidates for licence reduction or release.
### Extract refresh orchestration
In data pipelines where Tableau extract refreshes must follow upstream data processing:
After dbt transformation run completes, query Tableau for the relevant data source by name, trigger an extract refresh via the REST API, poll the job status endpoint until the refresh completes (success or failure), notify the data team via Slack or email on failure.
This eliminates the scheduling mismatch problem: Tableau refresh schedules are time-based, not event-driven. If the upstream dbt run takes longer than expected, a time-based schedule may refresh against stale data. Event-driven refresh via the REST API ensures refreshes happen after data is ready.
### Content auditing and governance
Monthly governance audit: query all workbooks and data sources on the site. For each, capture: name, owner, project, last-accessed date, view count, embedded credentials (yes/no), certified status. Export to a spreadsheet or load to a database table. Flag workbooks not accessed in 90 days for archival review. Flag workbooks with embedded credentials for remediation. Flag workbooks in personal projects rather than shared projects for governance review.
This audit, run manually, takes days. Via the REST API, it runs in minutes and can be scheduled automatically.
The Tableau Metadata API (Catalog)
The Tableau Metadata API (requires the Data Management Add-on, which enables Tableau Catalog) extends the REST API with metadata queries using GraphQL. It enables:
- Querying column-level lineage: which database tables and columns feed which Tableau fields in which workbooks?
- Impact analysis: if this database column changes, which workbooks are affected?
- Certified data source inventory: which data sources are certified, by whom, and when?
- Data quality warning management: apply and query data quality warnings on data sources
The Metadata API is the foundation for building data lineage visualisations, impact analysis tools, and automated governance workflows that require column-level awareness. For the lineage context, see data lineage.
Frequently asked questions
Where do I find the REST API documentation?
The Tableau REST API reference is at help.tableau.com/current/api/rest_api/en-us/REST/rest_api_ref.htm. The Tableau Server Client Python library documentation is at tableau.github.io/server-client-python.
What version of the REST API should I use?
Use the highest API version supported by your Tableau Server or Cloud version. The API is versioned (e.g., /api/3.19/) and newer versions add endpoints and fix limitations. Check the compatibility matrix in the documentation for your server version.
Can the REST API do everything the Tableau web interface does?
Almost — but not quite. Some administrative operations are not available via the REST API (certain site configuration options, some server-level administration tasks). For Tableau Server, some operations require direct database access (the Repository) or server command-line tools (tabcmd, TSM). For most automation requirements, the REST API is sufficient.
Is tabcmd the same as the REST API?
No. tabcmd is a command-line utility for common Tableau Server tasks (publishing, downloading, creating sites, managing schedules). It is simpler to use for individual operations but less flexible than the REST API for complex automation. tabcmd commands map to REST API calls internally. For scripted automation, the REST API (via TSC Python library) is more flexible; for ad-hoc operations, tabcmd is faster.
Our Tableau consulting practice builds REST API automation frameworks for clients — from simple extract orchestration to full CI/CD pipelines for dashboard deployment. If you are building Tableau automation or evaluating what the REST API can do for your environment, book a free 30-minute audit and we will tell you directly what is possible.
A former Microsoft data architect audits your data foundation, identifies your top priorities, and sends you a written plan. Free. No pitch.
Book a Call →