---
title: Security and access endpoints
description: Endpoints for managing authentication and access control in InfluxDB Cloud.
url: https://docs.influxdata.com/influxdb/cloud/api/security-and-access-endpoints/
estimated_tokens: 15257
product: InfluxDB Cloud (TSM)
version: cloud
publisher: InfluxData
canonical: https://docs.influxdata.com/influxdb/cloud/api/security-and-access-endpoints/
---

[Download InfluxDB Cloud (TSM) API Spec](/openapi/influxdb-cloud-v2-api.yml)

Endpoints for managing authentication and access control in InfluxDB Cloud.

GET`/api/v2/authorizations`

### List authorizations

Lists authorizations.

To limit which authorizations are returned, pass query parameters in your request.
If no query parameters are passed, InfluxDB returns all authorizations.

#### InfluxDB Cloud

* InfluxDB Cloud doesn’t expose [API token](/influxdb/cloud/reference/glossary/#token)values in `GET /api/v2/authorizations` responses;
  returns `token: redacted` for all authorizations.

#### Required permissions

To retrieve an authorization, the request must use an API token that has the
following permissions:

* `read-authorizations`
* `read-user` for the user that the authorization is scoped to

#### Related guides

* [View tokens](/influxdb/cloud/security/tokens/view-tokens/)

#### Parameters

##### Query parameters

`userID`string

A user ID.
Only returns authorizations scoped to the specified [user](/influxdb/cloud/reference/glossary/#user).

`user`string

A user name.
Only returns authorizations scoped to the specified [user](/influxdb/cloud/reference/glossary/#user).

`orgID`string

An organization ID. Only returns authorizations that belong to the specified [organization](/influxdb/cloud/reference/glossary/#organization).

`org`string

An organization name.
Only returns authorizations that belong to the specified [organization](/influxdb/cloud/reference/glossary/#organization).

`token`string

An API [token](/influxdb/cloud/reference/glossary/#token) value.
Specifies an authorization by its `token` property value
and returns the authorization.

#### InfluxDB OSS v2

* Doesn’t support this parameter. InfluxDB OSS ignores the `token=` parameter,
  applies other parameters, and then returns the result.

#### Limitations

* The parameter is non-repeatable. If you specify more than one,
  only the first one is used. If a resource with the specified
  property value doesn’t exist, then the response body contains an empty list.

##### Header parameters

`Zap-Trace-Span`string

OpenTracing span context

Example request[Ask AI about this](#)

```sh
curl --request GET \
  "https://us-east-1-1.aws.cloud2.influxdata.com/api/v2/authorizations" \
  --header "Authorization: Bearer INFLUX_TOKEN"
```

#### Responses

200

Success. The response body contains a list of authorizations.

If the response body is missing authorizations that you expect, check that the API
token used in the request has `read-user` permission for the users (`userID` property value)
in those authorizations.

#### InfluxDB OSS v2

* **Warning**: The response body contains authorizations with their[API token](/influxdb/cloud/reference/glossary/#token) values in clear text.
* If the request uses an *[operator token](/influxdb/v2/security/tokens/#operator-token)*,
  InfluxDB OSS returns authorizations for all organizations in the instance.

`authorizations`object[]

`links`string

400Non 2XX error response from server.

`code`requiredstring

code is the machine-readable error code.

Allowed:`internal error`, `not implemented`, `not found`, `conflict`, `invalid`, `unprocessable entity`, `empty value`, `unavailable`, `forbidden`, `too many requests`, `unauthorized`, `method not allowed`, `request too large`, `unsupported media type`

`err`string

Stack of errors that occurred during processing of the request. Useful for debugging.

`message`string

Human-readable message.

`op`string

Describes the logical code operation when the error occurred. Useful for debugging.

401

Unauthorized. The error may indicate one of the following:

* The `Authorization: Token` header is missing or malformed.
* The API token value is missing from the header.
* The token doesn’t have sufficient permissions to write to this organization and bucket.

`code`string

The HTTP status code description. Default is `unauthorized`.

Allowed:`unauthorized`

`message`string

A human-readable message that may contain detail about the error.

500Internal server error.
The server encountered an unexpected situation.

`code`requiredstring

code is the machine-readable error code.

Allowed:`internal error`, `not implemented`, `not found`, `conflict`, `invalid`, `unprocessable entity`, `empty value`, `unavailable`, `forbidden`, `too many requests`, `unauthorized`, `method not allowed`, `request too large`, `unsupported media type`

`err`string

Stack of errors that occurred during processing of the request. Useful for debugging.

`message`string

Human-readable message.

`op`string

Describes the logical code operation when the error occurred. Useful for debugging.

defaultNon 2XX error response from server.

`code`requiredstring

code is the machine-readable error code.

Allowed:`internal error`, `not implemented`, `not found`, `conflict`, `invalid`, `unprocessable entity`, `empty value`, `unavailable`, `forbidden`, `too many requests`, `unauthorized`, `method not allowed`, `request too large`, `unsupported media type`

`err`string

Stack of errors that occurred during processing of the request. Useful for debugging.

`message`string

Human-readable message.

`op`string

Describes the logical code operation when the error occurred. Useful for debugging.

POST`/api/v2/authorizations`

### Create an authorization

Creates an authorization and returns the authorization with the
generated API [token](/influxdb/cloud/reference/glossary/#token).

Use this endpoint to create an authorization, which generates an API token
with permissions to `read` or `write` to a specific resource or `type` of resource.
The API token is the authorization’s `token` property value.

To follow best practices for secure API token generation and retrieval,
InfluxDB enforces access restrictions on API tokens.

* InfluxDB allows access to the API token value immediately after the authorization is created.
* You can’t change access (read/write) permissions for an API token after it’s created.
* Tokens stop working when the user who created the token is deleted.

We recommend the following for managing your tokens:

* Create a generic user to create and manage tokens for writing data.
* Store your tokens in a secure password vault for future access.

#### Required permissions

* `write-authorizations`
* `write-user` for the user that the authorization is scoped to

#### Related guides

* [Create a token](/influxdb/cloud/security/tokens/create-token/)

#### Parameters

##### Header parameters

`Zap-Trace-Span`string

OpenTracing span context

#### Request bodyrequired

The authorization to create.

Content-Type:`application/json`

Example request[Ask AI about this](#)

```sh
curl --request POST \
  "https://us-east-1-1.aws.cloud2.influxdata.com/api/v2/authorizations" \
  --header "Authorization: Bearer INFLUX_TOKEN" \
  --header "Content-Type: application/json"
```

#### Responses

201Success. The authorization is created. The response body contains the
authorization.

400Non 2XX error response from server.

`code`requiredstring

code is the machine-readable error code.

Allowed:`internal error`, `not implemented`, `not found`, `conflict`, `invalid`, `unprocessable entity`, `empty value`, `unavailable`, `forbidden`, `too many requests`, `unauthorized`, `method not allowed`, `request too large`, `unsupported media type`

`err`string

Stack of errors that occurred during processing of the request. Useful for debugging.

`message`string

Human-readable message.

`op`string

Describes the logical code operation when the error occurred. Useful for debugging.

401

Unauthorized. The error may indicate one of the following:

* The `Authorization: Token` header is missing or malformed.
* The API token value is missing from the header.
* The token doesn’t have sufficient permissions to write to this organization and bucket.

`code`string

The HTTP status code description. Default is `unauthorized`.

Allowed:`unauthorized`

`message`string

A human-readable message that may contain detail about the error.

500Internal server error.
The server encountered an unexpected situation.

`code`requiredstring

code is the machine-readable error code.

Allowed:`internal error`, `not implemented`, `not found`, `conflict`, `invalid`, `unprocessable entity`, `empty value`, `unavailable`, `forbidden`, `too many requests`, `unauthorized`, `method not allowed`, `request too large`, `unsupported media type`

`err`string

Stack of errors that occurred during processing of the request. Useful for debugging.

`message`string

Human-readable message.

`op`string

Describes the logical code operation when the error occurred. Useful for debugging.

defaultNon 2XX error response from server.

`code`requiredstring

code is the machine-readable error code.

Allowed:`internal error`, `not implemented`, `not found`, `conflict`, `invalid`, `unprocessable entity`, `empty value`, `unavailable`, `forbidden`, `too many requests`, `unauthorized`, `method not allowed`, `request too large`, `unsupported media type`

`err`string

Stack of errors that occurred during processing of the request. Useful for debugging.

`message`string

Human-readable message.

`op`string

Describes the logical code operation when the error occurred. Useful for debugging.

GET`/api/v2/authorizations/{authID}`

### Retrieve an authorization

Retrieves an authorization.

Use this endpoint to retrieve information about an API token, including
the token’s permissions and the user that the token is scoped to.

#### InfluxDB OSS v2

* InfluxDB OSS returns[API token](/influxdb/cloud/reference/glossary/#token) values in authorizations.
* If the request uses an *[operator token](/influxdb/v2/security/tokens/#operator-token)*,
  InfluxDB OSS returns authorizations for all organizations in the instance.

#### Related guides

* [View tokens](/influxdb/cloud/security/tokens/view-tokens/)

#### Parameters

##### Path parameters

`authID`requiredstring

An authorization ID. Specifies the authorization to retrieve.

##### Header parameters

`Zap-Trace-Span`string

OpenTracing span context

Example request[Ask AI about this](#)

```sh
curl --request GET \
  "https://us-east-1-1.aws.cloud2.influxdata.com/api/v2/authorizations/{authID}" \
  --header "Authorization: Bearer INFLUX_TOKEN"
```

#### Responses

200Success. The response body contains the authorization.

400Bad request.

`code`requiredstring

code is the machine-readable error code.

Allowed:`internal error`, `not implemented`, `not found`, `conflict`, `invalid`, `unprocessable entity`, `empty value`, `unavailable`, `forbidden`, `too many requests`, `unauthorized`, `method not allowed`, `request too large`, `unsupported media type`

`err`string

Stack of errors that occurred during processing of the request. Useful for debugging.

`message`string

Human-readable message.

`op`string

Describes the logical code operation when the error occurred. Useful for debugging.

401

Unauthorized. The error may indicate one of the following:

* The `Authorization: Token` header is missing or malformed.
* The API token value is missing from the header.
* The token doesn’t have sufficient permissions to write to this organization and bucket.

`code`string

The HTTP status code description. Default is `unauthorized`.

Allowed:`unauthorized`

`message`string

A human-readable message that may contain detail about the error.

404Not found.

`code`requiredstring

code is the machine-readable error code.

Allowed:`internal error`, `not implemented`, `not found`, `conflict`, `invalid`, `unprocessable entity`, `empty value`, `unavailable`, `forbidden`, `too many requests`, `unauthorized`, `method not allowed`, `request too large`, `unsupported media type`

`err`string

Stack of errors that occurred during processing of the request. Useful for debugging.

`message`string

Human-readable message.

`op`string

Describes the logical code operation when the error occurred. Useful for debugging.

500Internal server error.
The server encountered an unexpected situation.

`code`requiredstring

code is the machine-readable error code.

Allowed:`internal error`, `not implemented`, `not found`, `conflict`, `invalid`, `unprocessable entity`, `empty value`, `unavailable`, `forbidden`, `too many requests`, `unauthorized`, `method not allowed`, `request too large`, `unsupported media type`

`err`string

Stack of errors that occurred during processing of the request. Useful for debugging.

`message`string

Human-readable message.

`op`string

Describes the logical code operation when the error occurred. Useful for debugging.

defaultNon 2XX error response from server.

`code`requiredstring

code is the machine-readable error code.

Allowed:`internal error`, `not implemented`, `not found`, `conflict`, `invalid`, `unprocessable entity`, `empty value`, `unavailable`, `forbidden`, `too many requests`, `unauthorized`, `method not allowed`, `request too large`, `unsupported media type`

`err`string

Stack of errors that occurred during processing of the request. Useful for debugging.

`message`string

Human-readable message.

`op`string

Describes the logical code operation when the error occurred. Useful for debugging.

PATCH`/api/v2/authorizations/{authID}`

### Update an API token to be active or inactive

Updates an authorization.

Use this endpoint to set an API token’s status to be *active* or *inactive*.
InfluxDB rejects requests that use inactive API tokens.

#### Parameters

##### Path parameters

`authID`requiredstring

An authorization ID. Specifies the authorization to update.

##### Header parameters

`Zap-Trace-Span`string

OpenTracing span context

#### Request bodyrequired

In the request body, provide the authorization properties to update.

Content-Type:`application/json`

`description`string

A description of the token.

`status`string

Status of the token. If `inactive`, InfluxDB rejects requests that use the token.

Allowed:`active`, `inactive`

Default:`active`

Example request[Ask AI about this](#)

```sh
curl --request PATCH \
  "https://us-east-1-1.aws.cloud2.influxdata.com/api/v2/authorizations/{authID}" \
  --header "Authorization: Bearer INFLUX_TOKEN" \
  --header "Content-Type: application/json" \
  --data-raw '{
  "description": "DESCRIPTION",
  "status": "active"
}'
```

#### Responses

200Success. The response body contains the updated authorization.

defaultNon 2XX error response from server.

`code`requiredstring

code is the machine-readable error code.

Allowed:`internal error`, `not implemented`, `not found`, `conflict`, `invalid`, `unprocessable entity`, `empty value`, `unavailable`, `forbidden`, `too many requests`, `unauthorized`, `method not allowed`, `request too large`, `unsupported media type`

`err`string

Stack of errors that occurred during processing of the request. Useful for debugging.

`message`string

Human-readable message.

`op`string

Describes the logical code operation when the error occurred. Useful for debugging.

DELETE`/api/v2/authorizations/{authID}`

### Delete an authorization

Deletes an authorization.

Use the endpoint to delete an API token.

If you want to disable an API token instead of delete it,[update the authorization’s status to `inactive`](#operation/PatchAuthorizationsID).

#### Parameters

##### Path parameters

`authID`requiredstring

An authorization ID. Specifies the authorization to delete.

##### Header parameters

`Zap-Trace-Span`string

OpenTracing span context

Example request[Ask AI about this](#)

```sh
curl --request DELETE \
  "https://us-east-1-1.aws.cloud2.influxdata.com/api/v2/authorizations/{authID}" \
  --header "Authorization: Bearer INFLUX_TOKEN"
```

#### Responses

204Success. The authorization is deleted.

400Bad request.

`code`requiredstring

code is the machine-readable error code.

Allowed:`internal error`, `not implemented`, `not found`, `conflict`, `invalid`, `unprocessable entity`, `empty value`, `unavailable`, `forbidden`, `too many requests`, `unauthorized`, `method not allowed`, `request too large`, `unsupported media type`

`err`string

Stack of errors that occurred during processing of the request. Useful for debugging.

`message`string

Human-readable message.

`op`string

Describes the logical code operation when the error occurred. Useful for debugging.

401

Unauthorized. The error may indicate one of the following:

* The `Authorization: Token` header is missing or malformed.
* The API token value is missing from the header.
* The token doesn’t have sufficient permissions to write to this organization and bucket.

`code`string

The HTTP status code description. Default is `unauthorized`.

Allowed:`unauthorized`

`message`string

A human-readable message that may contain detail about the error.

404Not found.

`code`requiredstring

code is the machine-readable error code.

Allowed:`internal error`, `not implemented`, `not found`, `conflict`, `invalid`, `unprocessable entity`, `empty value`, `unavailable`, `forbidden`, `too many requests`, `unauthorized`, `method not allowed`, `request too large`, `unsupported media type`

`err`string

Stack of errors that occurred during processing of the request. Useful for debugging.

`message`string

Human-readable message.

`op`string

Describes the logical code operation when the error occurred. Useful for debugging.

500Internal server error.
The server encountered an unexpected situation.

`code`requiredstring

code is the machine-readable error code.

Allowed:`internal error`, `not implemented`, `not found`, `conflict`, `invalid`, `unprocessable entity`, `empty value`, `unavailable`, `forbidden`, `too many requests`, `unauthorized`, `method not allowed`, `request too large`, `unsupported media type`

`err`string

Stack of errors that occurred during processing of the request. Useful for debugging.

`message`string

Human-readable message.

`op`string

Describes the logical code operation when the error occurred. Useful for debugging.

defaultNon 2XX error response from server.

`code`requiredstring

code is the machine-readable error code.

Allowed:`internal error`, `not implemented`, `not found`, `conflict`, `invalid`, `unprocessable entity`, `empty value`, `unavailable`, `forbidden`, `too many requests`, `unauthorized`, `method not allowed`, `request too large`, `unsupported media type`

`err`string

Stack of errors that occurred during processing of the request. Useful for debugging.

`message`string

Human-readable message.

`op`string

Describes the logical code operation when the error occurred. Useful for debugging.

GET`/api/v2/orgs`

### List organizations

Lists [organizations](/influxdb/cloud/reference/glossary/#organization/).

To limit which organizations are returned, pass query parameters in your request.
If no query parameters are passed, InfluxDB returns all organizations up to the default `limit`.

#### InfluxDB Cloud

* Only returns the organization that owns the token passed in the request.

#### Related guides

* [View organizations](/influxdb/cloud/organizations/view-orgs/)

#### Parameters

##### Query parameters

`offset`integer

The offset for pagination.
The number of records to skip.

For more information about pagination parameters, see [Pagination](/influxdb/cloud/api/#tag/Pagination).

`limit`integer

Limits the number of records returned. Default is `20`.

Default:`20`

`descending`boolean

`org`string

An organization name.
Only returns the specified organization.

`orgID`string

An organization ID.
Only returns the specified organization.

`userID`string

A user ID.
Only returns organizations where the specified user is a member or owner.

##### Header parameters

`Zap-Trace-Span`string

OpenTracing span context

Example request[Ask AI about this](#)

```sh
curl --request GET \
  "https://us-east-1-1.aws.cloud2.influxdata.com/api/v2/orgs" \
  --header "Authorization: Bearer INFLUX_TOKEN"
```

#### Responses

200Success. The response body contains a list of organizations.

`links`string

`orgs`object[]

400

Bad request.
The response body contains detail about the error.

#### InfluxDB OSS v2

* Returns this error if an incorrect value is passed in the `org` parameter or `orgID` parameter.

`code`requiredstring

code is the machine-readable error code.

Allowed:`internal error`, `not implemented`, `not found`, `conflict`, `invalid`, `unprocessable entity`, `empty value`, `unavailable`, `forbidden`, `too many requests`, `unauthorized`, `method not allowed`, `request too large`, `unsupported media type`

`err`string

Stack of errors that occurred during processing of the request. Useful for debugging.

`message`string

Human-readable message.

`op`string

Describes the logical code operation when the error occurred. Useful for debugging.

401

Unauthorized. The error may indicate one of the following:

* The `Authorization: Token` header is missing or malformed.
* The API token value is missing from the header.
* The token doesn’t have sufficient permissions to write to this organization and bucket.

`code`string

The HTTP status code description. Default is `unauthorized`.

Allowed:`unauthorized`

`message`string

A human-readable message that may contain detail about the error.

404

Not found.
A requested resource was not found.
The response body contains the requested resource type and the name value
(if you passed it)–for example:

* `"organization name \"my-org\" not found"`
* `"organization not found"`: indicates you passed an ID that did not match
  an organization.

`code`requiredstring

code is the machine-readable error code.

Allowed:`internal error`, `not implemented`, `not found`, `conflict`, `invalid`, `unprocessable entity`, `empty value`, `unavailable`, `forbidden`, `too many requests`, `unauthorized`, `method not allowed`, `request too large`, `unsupported media type`

`err`string

Stack of errors that occurred during processing of the request. Useful for debugging.

`message`string

Human-readable message.

`op`string

Describes the logical code operation when the error occurred. Useful for debugging.

500Internal server error.
The server encountered an unexpected situation.

`code`requiredstring

code is the machine-readable error code.

Allowed:`internal error`, `not implemented`, `not found`, `conflict`, `invalid`, `unprocessable entity`, `empty value`, `unavailable`, `forbidden`, `too many requests`, `unauthorized`, `method not allowed`, `request too large`, `unsupported media type`

`err`string

Stack of errors that occurred during processing of the request. Useful for debugging.

`message`string

Human-readable message.

`op`string

Describes the logical code operation when the error occurred. Useful for debugging.

defaultNon 2XX error response from server.

`code`requiredstring

code is the machine-readable error code.

Allowed:`internal error`, `not implemented`, `not found`, `conflict`, `invalid`, `unprocessable entity`, `empty value`, `unavailable`, `forbidden`, `too many requests`, `unauthorized`, `method not allowed`, `request too large`, `unsupported media type`

`err`string

Stack of errors that occurred during processing of the request. Useful for debugging.

`message`string

Human-readable message.

`op`string

Describes the logical code operation when the error occurred. Useful for debugging.

GET`/api/v2/orgs/{orgID}`

### Retrieve an organization

Retrieves an organization.

Use this endpoint to retrieve information for a specific organization.

#### Related guides

* [View organizations](/influxdb/cloud/organizations/view-orgs/)

#### Parameters

##### Path parameters

`orgID`requiredstring

The ID of the organization to retrieve.

##### Header parameters

`Zap-Trace-Span`string

OpenTracing span context

Example request[Ask AI about this](#)

```sh
curl --request GET \
  "https://us-east-1-1.aws.cloud2.influxdata.com/api/v2/orgs/{orgID}" \
  --header "Authorization: Bearer INFLUX_TOKEN"
```

#### Responses

200Success.
The response body contains the organization information.

`createdAt`string \<date-time\>

`defaultStorageType`string

Discloses whether the organization uses TSM or IOx.

Allowed:`tsm`, `iox`

`description`string

`id`string

`links`object

Example:`{"buckets":"/api/v2/buckets?org=myorg","dashboards":"/api/v2/dashboards?org=myorg","labels":"/api/v2/orgs/1/labels","members":"/api/v2/orgs/1/members","owners":"/api/v2/orgs/1/owners","secrets":"/api/v2/orgs/1/secrets","self":"/api/v2/orgs/1","tasks":"/api/v2/tasks?org=myorg"}`

`buckets`string

`dashboards`string

`labels`string

`members`string

`owners`string

`secrets`string

`self`string

`tasks`string

`name`requiredstring

`status`string

If inactive, the organization is inactive.

Allowed:`active`, `inactive`

Default:`active`

`updatedAt`string \<date-time\>

401

Unauthorized. The error may indicate one of the following:

* The `Authorization: Token` header is missing or malformed.
* The API token value is missing from the header.
* The token doesn’t have sufficient permissions to write to this organization and bucket.

`code`string

The HTTP status code description. Default is `unauthorized`.

Allowed:`unauthorized`

`message`string

A human-readable message that may contain detail about the error.

404Not found.
Organization not found.

`code`requiredstring

code is the machine-readable error code.

Allowed:`internal error`, `not implemented`, `not found`, `conflict`, `invalid`, `unprocessable entity`, `empty value`, `unavailable`, `forbidden`, `too many requests`, `unauthorized`, `method not allowed`, `request too large`, `unsupported media type`

`err`string

Stack of errors that occurred during processing of the request. Useful for debugging.

`message`string

Human-readable message.

`op`string

Describes the logical code operation when the error occurred. Useful for debugging.

500Internal server error.
The server encountered an unexpected situation.

`code`requiredstring

code is the machine-readable error code.

Allowed:`internal error`, `not implemented`, `not found`, `conflict`, `invalid`, `unprocessable entity`, `empty value`, `unavailable`, `forbidden`, `too many requests`, `unauthorized`, `method not allowed`, `request too large`, `unsupported media type`

`err`string

Stack of errors that occurred during processing of the request. Useful for debugging.

`message`string

Human-readable message.

`op`string

Describes the logical code operation when the error occurred. Useful for debugging.

defaultUnexpected error

`code`requiredstring

code is the machine-readable error code.

Allowed:`internal error`, `not implemented`, `not found`, `conflict`, `invalid`, `unprocessable entity`, `empty value`, `unavailable`, `forbidden`, `too many requests`, `unauthorized`, `method not allowed`, `request too large`, `unsupported media type`

`err`string

Stack of errors that occurred during processing of the request. Useful for debugging.

`message`string

Human-readable message.

`op`string

Describes the logical code operation when the error occurred. Useful for debugging.

GET`/api/v2/orgs/{orgID}/members`

### List all members of an organization

Lists all users that belong to an organization.

InfluxDB [users](/influxdb/cloud/reference/glossary/#user) have
permission to access InfluxDB.

[Members](/influxdb/cloud/reference/glossary/#member) are users
within the organization.

#### InfluxDB Cloud

* Doesn’t use `owner` and `member` roles.
  Use [`/api/v2/authorizations`](#tag/Authorizations-(API-tokens)) to assign user permissions.

#### Limitations

* Member permissions are separate from API token permissions.
* Member permissions are used in the context of the InfluxDB UI.

#### Required permissions

* `read-orgs INFLUX_ORG_ID`

*`INFLUX_ORG_ID`* is the ID of the organization that you want to retrieve
members for.

#### Related guides

* [Manage users](/influxdb/cloud/users/)
* [Manage members](/influxdb/cloud/organizations/members/)

#### Parameters

##### Path parameters

`orgID`requiredstring

The ID of the organization to retrieve users for.

##### Header parameters

`Zap-Trace-Span`string

OpenTracing span context

Example request[Ask AI about this](#)

```sh
curl --request GET \
  "https://us-east-1-1.aws.cloud2.influxdata.com/api/v2/orgs/{orgID}/members" \
  --header "Authorization: Bearer INFLUX_TOKEN"
```

#### Responses

200Success.
The response body contains a list of all users within the organization.

`links`object

`self`string \<uri\>

`users`object[]

400

Bad request.
The response body contains detail about the error.

#### InfluxDB OSS v2

* Returns this error if an incorrect value is passed in the `org` parameter or `orgID` parameter.

`code`requiredstring

code is the machine-readable error code.

Allowed:`internal error`, `not implemented`, `not found`, `conflict`, `invalid`, `unprocessable entity`, `empty value`, `unavailable`, `forbidden`, `too many requests`, `unauthorized`, `method not allowed`, `request too large`, `unsupported media type`

`err`string

Stack of errors that occurred during processing of the request. Useful for debugging.

`message`string

Human-readable message.

`op`string

Describes the logical code operation when the error occurred. Useful for debugging.

401

Unauthorized. The error may indicate one of the following:

* The `Authorization: Token` header is missing or malformed.
* The API token value is missing from the header.
* The token doesn’t have sufficient permissions to write to this organization and bucket.

`code`string

The HTTP status code description. Default is `unauthorized`.

Allowed:`unauthorized`

`message`string

A human-readable message that may contain detail about the error.

404Not found.
InfluxDB can’t find the organization.

`code`requiredstring

code is the machine-readable error code.

Allowed:`internal error`, `not implemented`, `not found`, `conflict`, `invalid`, `unprocessable entity`, `empty value`, `unavailable`, `forbidden`, `too many requests`, `unauthorized`, `method not allowed`, `request too large`, `unsupported media type`

`err`string

Stack of errors that occurred during processing of the request. Useful for debugging.

`message`string

Human-readable message.

`op`string

Describes the logical code operation when the error occurred. Useful for debugging.

500Internal server error.
The server encountered an unexpected situation.

`code`requiredstring

code is the machine-readable error code.

Allowed:`internal error`, `not implemented`, `not found`, `conflict`, `invalid`, `unprocessable entity`, `empty value`, `unavailable`, `forbidden`, `too many requests`, `unauthorized`, `method not allowed`, `request too large`, `unsupported media type`

`err`string

Stack of errors that occurred during processing of the request. Useful for debugging.

`message`string

Human-readable message.

`op`string

Describes the logical code operation when the error occurred. Useful for debugging.

defaultUnexpected error

`code`requiredstring

code is the machine-readable error code.

Allowed:`internal error`, `not implemented`, `not found`, `conflict`, `invalid`, `unprocessable entity`, `empty value`, `unavailable`, `forbidden`, `too many requests`, `unauthorized`, `method not allowed`, `request too large`, `unsupported media type`

`err`string

Stack of errors that occurred during processing of the request. Useful for debugging.

`message`string

Human-readable message.

`op`string

Describes the logical code operation when the error occurred. Useful for debugging.

DELETE`/api/v2/orgs/{orgID}/members/{userID}`

### Remove a member from an organization

Removes a member from an organization.

Use this endpoint to remove a user’s member privileges for an organization.
Removing member privileges removes the user’s `read` and `write` permissions
from the organization.

#### InfluxDB Cloud

* Doesn’t use `owner` and `member` roles.
  Use [`/api/v2/authorizations`](#tag/Authorizations-(API-tokens)) to assign user permissions.

#### Limitations

* Member permissions are separate from API token permissions.
* Member permissions are used in the context of the InfluxDB UI.

#### Required permissions

* `write-orgs INFLUX_ORG_ID`

*`INFLUX_ORG_ID`* is the ID of the organization that you want to remove an
owner from.

#### Related guides

* [Manage members](/influxdb/cloud/organizations/members/)

#### Parameters

##### Path parameters

`userID`requiredstring

The ID of the user to remove.

`orgID`requiredstring

The ID of the organization to remove a user from.

##### Header parameters

`Zap-Trace-Span`string

OpenTracing span context

Example request[Ask AI about this](#)

```sh
curl --request DELETE \
  "https://us-east-1-1.aws.cloud2.influxdata.com/api/v2/orgs/{orgID}/members/{userID}" \
  --header "Authorization: Bearer INFLUX_TOKEN"
```

#### Responses

204Success.
The user is no longer a member of the organization.

401

Unauthorized. The error may indicate one of the following:

* The `Authorization: Token` header is missing or malformed.
* The API token value is missing from the header.
* The token doesn’t have sufficient permissions to write to this organization and bucket.

`code`string

The HTTP status code description. Default is `unauthorized`.

Allowed:`unauthorized`

`message`string

A human-readable message that may contain detail about the error.

404

Not found.
A requested resource was not found.
The response body contains the requested resource type and the name value
(if you passed it)–for example:

* `"organization name \"my-org\" not found"`
* `"organization not found"`: indicates you passed an ID that did not match
  an organization.

`code`requiredstring

code is the machine-readable error code.

Allowed:`internal error`, `not implemented`, `not found`, `conflict`, `invalid`, `unprocessable entity`, `empty value`, `unavailable`, `forbidden`, `too many requests`, `unauthorized`, `method not allowed`, `request too large`, `unsupported media type`

`err`string

Stack of errors that occurred during processing of the request. Useful for debugging.

`message`string

Human-readable message.

`op`string

Describes the logical code operation when the error occurred. Useful for debugging.

500Internal server error.
The server encountered an unexpected situation.

`code`requiredstring

code is the machine-readable error code.

Allowed:`internal error`, `not implemented`, `not found`, `conflict`, `invalid`, `unprocessable entity`, `empty value`, `unavailable`, `forbidden`, `too many requests`, `unauthorized`, `method not allowed`, `request too large`, `unsupported media type`

`err`string

Stack of errors that occurred during processing of the request. Useful for debugging.

`message`string

Human-readable message.

`op`string

Describes the logical code operation when the error occurred. Useful for debugging.

defaultUnexpected error

`code`requiredstring

code is the machine-readable error code.

Allowed:`internal error`, `not implemented`, `not found`, `conflict`, `invalid`, `unprocessable entity`, `empty value`, `unavailable`, `forbidden`, `too many requests`, `unauthorized`, `method not allowed`, `request too large`, `unsupported media type`

`err`string

Stack of errors that occurred during processing of the request. Useful for debugging.

`message`string

Human-readable message.

`op`string

Describes the logical code operation when the error occurred. Useful for debugging.

GET`/api/v2/orgs/{orgID}/owners`

### List all owners of an organization

Lists all owners of an organization.

#### InfluxDB Cloud

* Doesn’t use `owner` and `member` roles.
  Use [`/api/v2/authorizations`](#tag/Authorizations-(API-tokens)) to assign user permissions.

#### Required permissions

* `read-orgs INFLUX_ORG_ID`

*`INFLUX_ORG_ID`* is the ID of the organization that you want to retrieve a
list of owners from.

#### Parameters

##### Path parameters

`orgID`requiredstring

The ID of the organization to list owners for.

##### Header parameters

`Zap-Trace-Span`string

OpenTracing span context

Example request[Ask AI about this](#)

```sh
curl --request GET \
  "https://us-east-1-1.aws.cloud2.influxdata.com/api/v2/orgs/{orgID}/owners" \
  --header "Authorization: Bearer INFLUX_TOKEN"
```

#### Responses

200A list of organization owners

`links`object

`self`string \<uri\>

`users`object[]

404Organization not found

`code`requiredstring

code is the machine-readable error code.

Allowed:`internal error`, `not implemented`, `not found`, `conflict`, `invalid`, `unprocessable entity`, `empty value`, `unavailable`, `forbidden`, `too many requests`, `unauthorized`, `method not allowed`, `request too large`, `unsupported media type`

`err`string

Stack of errors that occurred during processing of the request. Useful for debugging.

`message`string

Human-readable message.

`op`string

Describes the logical code operation when the error occurred. Useful for debugging.

defaultUnexpected error

`code`requiredstring

code is the machine-readable error code.

Allowed:`internal error`, `not implemented`, `not found`, `conflict`, `invalid`, `unprocessable entity`, `empty value`, `unavailable`, `forbidden`, `too many requests`, `unauthorized`, `method not allowed`, `request too large`, `unsupported media type`

`err`string

Stack of errors that occurred during processing of the request. Useful for debugging.

`message`string

Human-readable message.

`op`string

Describes the logical code operation when the error occurred. Useful for debugging.

DELETE`/api/v2/orgs/{orgID}/owners/{userID}`

### Remove an owner from an organization

Removes an [owner](/influxdb/cloud/reference/glossary/#owner) from
the organization.

Organization owners have permission to delete organizations and remove user and member
permissions from the organization.

#### InfluxDB Cloud

* Doesn’t use `owner` and `member` roles.
  Use [`/api/v2/authorizations`](#tag/Authorizations-(API-tokens)) to assign user permissions.

#### Limitations

* Owner permissions are separate from API token permissions.
* Owner permissions are used in the context of the InfluxDB UI.

#### Required permissions

* `write-orgs INFLUX_ORG_ID`

*`INFLUX_ORG_ID`* is the ID of the organization that you want to
remove an owner from.

#### Related endpoints

* [Authorizations](#tag/Authorizations-(API-tokens))

#### Parameters

##### Path parameters

`userID`requiredstring

The ID of the user to remove.

`orgID`requiredstring

The ID of the organization to remove an owner from.

##### Header parameters

`Zap-Trace-Span`string

OpenTracing span context

Example request[Ask AI about this](#)

```sh
curl --request DELETE \
  "https://us-east-1-1.aws.cloud2.influxdata.com/api/v2/orgs/{orgID}/owners/{userID}" \
  --header "Authorization: Bearer INFLUX_TOKEN"
```

#### Responses

204Success.
The user is no longer an owner of the organization.

401

Unauthorized. The error may indicate one of the following:

* The `Authorization: Token` header is missing or malformed.
* The API token value is missing from the header.
* The token doesn’t have sufficient permissions to write to this organization and bucket.

`code`string

The HTTP status code description. Default is `unauthorized`.

Allowed:`unauthorized`

`message`string

A human-readable message that may contain detail about the error.

404

Not found.
A requested resource was not found.
The response body contains the requested resource type and the name value
(if you passed it)–for example:

* `"organization name \"my-org\" not found"`
* `"organization not found"`: indicates you passed an ID that did not match
  an organization.

`code`requiredstring

code is the machine-readable error code.

Allowed:`internal error`, `not implemented`, `not found`, `conflict`, `invalid`, `unprocessable entity`, `empty value`, `unavailable`, `forbidden`, `too many requests`, `unauthorized`, `method not allowed`, `request too large`, `unsupported media type`

`err`string

Stack of errors that occurred during processing of the request. Useful for debugging.

`message`string

Human-readable message.

`op`string

Describes the logical code operation when the error occurred. Useful for debugging.

500Internal server error.
The server encountered an unexpected situation.

`code`requiredstring

code is the machine-readable error code.

Allowed:`internal error`, `not implemented`, `not found`, `conflict`, `invalid`, `unprocessable entity`, `empty value`, `unavailable`, `forbidden`, `too many requests`, `unauthorized`, `method not allowed`, `request too large`, `unsupported media type`

`err`string

Stack of errors that occurred during processing of the request. Useful for debugging.

`message`string

Human-readable message.

`op`string

Describes the logical code operation when the error occurred. Useful for debugging.

defaultUnexpected error

`code`requiredstring

code is the machine-readable error code.

Allowed:`internal error`, `not implemented`, `not found`, `conflict`, `invalid`, `unprocessable entity`, `empty value`, `unavailable`, `forbidden`, `too many requests`, `unauthorized`, `method not allowed`, `request too large`, `unsupported media type`

`err`string

Stack of errors that occurred during processing of the request. Useful for debugging.

`message`string

Human-readable message.

`op`string

Describes the logical code operation when the error occurred. Useful for debugging.

GET`/api/v2/orgs/{orgID}/secrets`

### List all secret keys for an organization

#### Parameters

##### Path parameters

`orgID`requiredstring

The organization ID.

##### Header parameters

`Zap-Trace-Span`string

OpenTracing span context

Example request[Ask AI about this](#)

```sh
curl --request GET \
  "https://us-east-1-1.aws.cloud2.influxdata.com/api/v2/orgs/{orgID}/secrets" \
  --header "Authorization: Bearer INFLUX_TOKEN"
```

#### Responses

200A list of all secret keys

defaultUnexpected error

`code`requiredstring

code is the machine-readable error code.

Allowed:`internal error`, `not implemented`, `not found`, `conflict`, `invalid`, `unprocessable entity`, `empty value`, `unavailable`, `forbidden`, `too many requests`, `unauthorized`, `method not allowed`, `request too large`, `unsupported media type`

`err`string

Stack of errors that occurred during processing of the request. Useful for debugging.

`message`string

Human-readable message.

`op`string

Describes the logical code operation when the error occurred. Useful for debugging.

DELETE`/api/v2/orgs/{orgID}/secrets/{secretID}`

### Delete a secret from an organization

#### Parameters

##### Path parameters

`orgID`requiredstring

The organization ID.

`secretID`requiredstring

The secret ID.

##### Header parameters

`Zap-Trace-Span`string

OpenTracing span context

Example request[Ask AI about this](#)

```sh
curl --request DELETE \
  "https://us-east-1-1.aws.cloud2.influxdata.com/api/v2/orgs/{orgID}/secrets/{secretID}" \
  --header "Authorization: Bearer INFLUX_TOKEN"
```

#### Responses

204Keys successfully deleted

defaultNon 2XX error response from server.

`code`requiredstring

code is the machine-readable error code.

Allowed:`internal error`, `not implemented`, `not found`, `conflict`, `invalid`, `unprocessable entity`, `empty value`, `unavailable`, `forbidden`, `too many requests`, `unauthorized`, `method not allowed`, `request too large`, `unsupported media type`

`err`string

Stack of errors that occurred during processing of the request. Useful for debugging.

`message`string

Human-readable message.

`op`string

Describes the logical code operation when the error occurred. Useful for debugging.

POST`/api/v2/orgs/{orgID}/secrets/delete`

### Delete secrets from an organization

#### Parameters

##### Path parameters

`orgID`requiredstring

The organization ID.

##### Header parameters

`Zap-Trace-Span`string

OpenTracing span context

#### Request bodyrequired

Secret key to delete

Content-Type:`application/json`

`secrets`string[]

Example request[Ask AI about this](#)

```sh
curl --request POST \
  "https://us-east-1-1.aws.cloud2.influxdata.com/api/v2/orgs/{orgID}/secrets/delete" \
  --header "Authorization: Bearer INFLUX_TOKEN" \
  --header "Content-Type: application/json" \
  --data-raw '{
  "secrets": [
    "example"
  ]
}'
```

#### Responses

204Keys successfully patched

defaultUnexpected error

`code`requiredstring

code is the machine-readable error code.

Allowed:`internal error`, `not implemented`, `not found`, `conflict`, `invalid`, `unprocessable entity`, `empty value`, `unavailable`, `forbidden`, `too many requests`, `unauthorized`, `method not allowed`, `request too large`, `unsupported media type`

`err`string

Stack of errors that occurred during processing of the request. Useful for debugging.

`message`string

Human-readable message.

`op`string

Describes the logical code operation when the error occurred. Useful for debugging.

POST`/api/v2/signin`

### Create a user session.

Authenticates [Basic authentication credentials](#section/Authentication/BasicAuthentication)for a [user](/influxdb/cloud/reference/glossary/#user),
and then, if successful, generates a user session.

To authenticate a user, pass the HTTP `Authorization` header with the`Basic` scheme and the base64-encoded username and password.
For syntax and more information, see [Basic Authentication](#section/Authentication/BasicAuthentication) for
syntax and more information.

If authentication is successful, InfluxDB creates a new session for the user
and then returns the session cookie in the `Set-Cookie` response header.

InfluxDB stores user sessions in memory only.
They expire within ten minutes and during restarts of the InfluxDB instance.

#### User sessions with authorizations

* In InfluxDB Cloud, a user session inherits all the user’s permissions for
  the organization.
* In InfluxDB OSS, a user session inherits all the user’s permissions for all
  the organizations that the user belongs to.

#### Related endpoints

* [Signout](#tag/Signout)

#### Parameters

##### Header parameters

`Zap-Trace-Span`string

OpenTracing span context

Example request[Ask AI about this](#)

```sh
curl --request POST \
  "https://us-east-1-1.aws.cloud2.influxdata.com/api/v2/signin" \
  --header "Authorization: Bearer INFLUX_TOKEN"
```

#### Responses

204Success.
The user is authenticated.
The `Set-Cookie` response header contains the session cookie.

401

Unauthorized.
This error may be caused by one of the following problems:

* The user doesn’t have access.
* The user passed incorrect credentials in the request.
* The credentials are formatted incorrectly in the request.

`code`requiredstring

code is the machine-readable error code.

Allowed:`internal error`, `not implemented`, `not found`, `conflict`, `invalid`, `unprocessable entity`, `empty value`, `unavailable`, `forbidden`, `too many requests`, `unauthorized`, `method not allowed`, `request too large`, `unsupported media type`

`err`string

Stack of errors that occurred during processing of the request. Useful for debugging.

`message`string

Human-readable message.

`op`string

Describes the logical code operation when the error occurred. Useful for debugging.

403Forbidden. The user account is disabled.

`code`requiredstring

code is the machine-readable error code.

Allowed:`internal error`, `not implemented`, `not found`, `conflict`, `invalid`, `unprocessable entity`, `empty value`, `unavailable`, `forbidden`, `too many requests`, `unauthorized`, `method not allowed`, `request too large`, `unsupported media type`

`err`string

Stack of errors that occurred during processing of the request. Useful for debugging.

`message`string

Human-readable message.

`op`string

Describes the logical code operation when the error occurred. Useful for debugging.

defaultUnsuccessful authentication.

`code`requiredstring

code is the machine-readable error code.

Allowed:`internal error`, `not implemented`, `not found`, `conflict`, `invalid`, `unprocessable entity`, `empty value`, `unavailable`, `forbidden`, `too many requests`, `unauthorized`, `method not allowed`, `request too large`, `unsupported media type`

`err`string

Stack of errors that occurred during processing of the request. Useful for debugging.

`message`string

Human-readable message.

`op`string

Describes the logical code operation when the error occurred. Useful for debugging.

POST`/api/v2/signout`

### Expire a user session

Expires a user session specified by a session cookie.

Use this endpoint to expire a user session that was generated when the user
authenticated with the InfluxDB Developer Console (UI) or the `POST /api/v2/signin` endpoint.

For example, the `POST /api/v2/signout` endpoint represents the third step
in the following three-step process
to authenticate a user, retrieve the `user` resource, and then expire the session:

1. Send a request with the user’s [Basic authentication credentials](#section/Authentication/BasicAuthentication)to the `POST /api/v2/signin` endpoint to create a user session and
   generate a session cookie.
2. Send a request to the `GET /api/v2/me` endpoint, passing the stored session cookie
   from step 1 to retrieve user information.
3. Send a request to the `POST /api/v2/signout` endpoint, passing the stored session
   cookie to expire the session.

*See the complete example in request samples.*

InfluxDB stores user sessions in memory only.
If a user doesn’t sign out, then the user session automatically expires within ten minutes or
during a restart of the InfluxDB instance.

To learn more about cookies in HTTP requests, see[Mozilla Developer Network (MDN) Web Docs, HTTP cookies](https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies).

#### Related endpoints

* [Signin](#tag/Signin)

#### Parameters

##### Header parameters

`Zap-Trace-Span`string

OpenTracing span context

Example request[Ask AI about this](#)

```sh
curl --request POST \
  "https://us-east-1-1.aws.cloud2.influxdata.com/api/v2/signout" \
  --header "Authorization: Bearer INFLUX_TOKEN"
```

#### Responses

204Success. The session is expired.

401Unauthorized.

`code`requiredstring

code is the machine-readable error code.

Allowed:`internal error`, `not implemented`, `not found`, `conflict`, `invalid`, `unprocessable entity`, `empty value`, `unavailable`, `forbidden`, `too many requests`, `unauthorized`, `method not allowed`, `request too large`, `unsupported media type`

`err`string

Stack of errors that occurred during processing of the request. Useful for debugging.

`message`string

Human-readable message.

`op`string

Describes the logical code operation when the error occurred. Useful for debugging.

defaultThe session expiry is unsuccessful.

`code`requiredstring

code is the machine-readable error code.

Allowed:`internal error`, `not implemented`, `not found`, `conflict`, `invalid`, `unprocessable entity`, `empty value`, `unavailable`, `forbidden`, `too many requests`, `unauthorized`, `method not allowed`, `request too large`, `unsupported media type`

`err`string

Stack of errors that occurred during processing of the request. Useful for debugging.

`message`string

Human-readable message.

`op`string

Describes the logical code operation when the error occurred. Useful for debugging.

GET`/api/v2/users`

### List users

Lists [users](/influxdb/cloud/reference/glossary/#user).

To limit which users are returned, pass query parameters in your request.

#### InfluxDB Cloud

* InfluxDB Cloud doesn’t allow listing all users through the API.
  Use the InfluxDB Cloud user interface (UI) to manage account information.

#### Required permissions for InfluxDB Cloud

|       Action       |        Permission required        |        Restriction         |
|--------------------|-----------------------------------|----------------------------|
|   List all users   |          Operator token           |InfluxData internal use only|
|List a specific user|`read-users` or `read-user USER_ID`|                            |

*`USER_ID`* is the ID of the user that you want to retrieve.

#### Related guides

* [Manage users](/influxdb/cloud/organizations/users/)

#### Parameters

##### Query parameters

`name`string

A user name.
Only lists the specified [user](/influxdb/cloud/reference/glossary/#user).

`id`string

A user id.
Only lists the specified [user](/influxdb/cloud/reference/glossary/#user).

##### Header parameters

`Zap-Trace-Span`string

OpenTracing span context

Example request[Ask AI about this](#)

```sh
curl --request GET \
  "https://us-east-1-1.aws.cloud2.influxdata.com/api/v2/users" \
  --header "Authorization: Bearer INFLUX_TOKEN"
```

#### Responses

200

Success. The response contains a list of `users`.

#### InfluxDB Cloud

* Returns an empty `users` list if you don’t pass *`id`* or *`name`* parameters and don’t use an*operator token*.
  Only InfluxData can access InfluxDB Cloud operator tokens.

`links`object

`self`string \<uri\>

`users`object[]

401Unauthorized.

`code`requiredstring

code is the machine-readable error code.

Allowed:`internal error`, `not implemented`, `not found`, `conflict`, `invalid`, `unprocessable entity`, `empty value`, `unavailable`, `forbidden`, `too many requests`, `unauthorized`, `method not allowed`, `request too large`, `unsupported media type`

`err`string

Stack of errors that occurred during processing of the request. Useful for debugging.

`message`string

Human-readable message.

`op`string

Describes the logical code operation when the error occurred. Useful for debugging.

422

Unprocessable entity.

The error may indicate one of the following problems:

* The request body isn’t valid–the request is well-formed,
  but InfluxDB can’t process it due to semantic errors.
* You passed a parameter combination that InfluxDB doesn’t support.

`code`requiredstring

code is the machine-readable error code.

Allowed:`internal error`, `not implemented`, `not found`, `conflict`, `invalid`, `unprocessable entity`, `empty value`, `unavailable`, `forbidden`, `too many requests`, `unauthorized`, `method not allowed`, `request too large`, `unsupported media type`

`err`string

Stack of errors that occurred during processing of the request. Useful for debugging.

`message`string

Human-readable message.

`op`string

Describes the logical code operation when the error occurred. Useful for debugging.

500Internal server error.
The server encountered an unexpected situation.

`code`requiredstring

code is the machine-readable error code.

Allowed:`internal error`, `not implemented`, `not found`, `conflict`, `invalid`, `unprocessable entity`, `empty value`, `unavailable`, `forbidden`, `too many requests`, `unauthorized`, `method not allowed`, `request too large`, `unsupported media type`

`err`string

Stack of errors that occurred during processing of the request. Useful for debugging.

`message`string

Human-readable message.

`op`string

Describes the logical code operation when the error occurred. Useful for debugging.

defaultNon 2XX error response from server.

`code`requiredstring

code is the machine-readable error code.

Allowed:`internal error`, `not implemented`, `not found`, `conflict`, `invalid`, `unprocessable entity`, `empty value`, `unavailable`, `forbidden`, `too many requests`, `unauthorized`, `method not allowed`, `request too large`, `unsupported media type`

`err`string

Stack of errors that occurred during processing of the request. Useful for debugging.

`message`string

Human-readable message.

`op`string

Describes the logical code operation when the error occurred. Useful for debugging.

POST`/api/v2/users/{userID}/password`

### Update a password

Updates a user password.

#### InfluxDB Cloud

* Doesn’t allow you to manage user passwords through the API.
  Use the InfluxDB Cloud user interface (UI) to update a password.

#### Related guides

* [InfluxDB Cloud - Change your password](/influxdb/cloud/account-management/change-password/)
* [InfluxDB OSS - Change your password](/influxdb/v2/users/change-password/)

#### Parameters

##### Path parameters

`userID`requiredstring

The ID of the user to set the password for.

##### Header parameters

`Zap-Trace-Span`string

OpenTracing span context

#### Request bodyrequired

The new password to set for the user.

Content-Type:`application/json`

`password`requiredstring

Example request[Ask AI about this](#)

```sh
curl --request POST \
  "https://us-east-1-1.aws.cloud2.influxdata.com/api/v2/users/{userID}/password" \
  --header "Authorization: Bearer INFLUX_TOKEN" \
  --header "Content-Type: application/json" \
  --data-raw '{
  "password": "PASSWORD"
}'
```

#### Responses

204Success. The password is updated.

400

Bad request.

#### InfluxDB Cloud

* Doesn’t allow you to manage passwords through the API; always responds with this status.

#### InfluxDB OSS v2

* Doesn’t understand a value passed in the request.

`code`requiredstring

code is the machine-readable error code.

Allowed:`internal error`, `not implemented`, `not found`, `conflict`, `invalid`, `unprocessable entity`, `empty value`, `unavailable`, `forbidden`, `too many requests`, `unauthorized`, `method not allowed`, `request too large`, `unsupported media type`

`err`string

Stack of errors that occurred during processing of the request. Useful for debugging.

`message`string

Human-readable message.

`op`string

Describes the logical code operation when the error occurred. Useful for debugging.

defaultNon 2XX error response from server.

`code`requiredstring

code is the machine-readable error code.

Allowed:`internal error`, `not implemented`, `not found`, `conflict`, `invalid`, `unprocessable entity`, `empty value`, `unavailable`, `forbidden`, `too many requests`, `unauthorized`, `method not allowed`, `request too large`, `unsupported media type`

`err`string

Stack of errors that occurred during processing of the request. Useful for debugging.

`message`string

Human-readable message.

`op`string

Describes the logical code operation when the error occurred. Useful for debugging.

PUT`/api/v2/users/{userID}/password`

### Update a password

Updates a user password.

Use this endpoint to let a user authenticate with[Basic authentication credentials](#section/Authentication/BasicAuthentication)and set a new password.

#### InfluxDB Cloud

* Doesn’t allow you to manage user passwords through the API.
  Use the InfluxDB Cloud user interface (UI) to update a password.

#### Related guides

* [InfluxDB Cloud - Change your password](/influxdb/cloud/account-management/change-password/)
* [InfluxDB OSS - Change your password](/influxdb/v2/users/change-password/)

#### Parameters

##### Path parameters

`userID`requiredstring

The ID of the user to set the password for.

##### Header parameters

`Zap-Trace-Span`string

OpenTracing span context

#### Request bodyrequired

The new password to set for the user.

Content-Type:`application/json`

`password`requiredstring

Example request[Ask AI about this](#)

```sh
curl --request PUT \
  "https://us-east-1-1.aws.cloud2.influxdata.com/api/v2/users/{userID}/password" \
  --header "Authorization: Bearer INFLUX_TOKEN" \
  --header "Content-Type: application/json" \
  --data-raw '{
  "password": "PASSWORD"
}'
```

#### Responses

204Success. The password is updated.

400

Bad request.

#### InfluxDB Cloud

* Doesn’t allow you to manage passwords through the API; always responds with this status.

#### InfluxDB OSS v2

* Doesn’t understand a value passed in the request.

`code`requiredstring

code is the machine-readable error code.

Allowed:`internal error`, `not implemented`, `not found`, `conflict`, `invalid`, `unprocessable entity`, `empty value`, `unavailable`, `forbidden`, `too many requests`, `unauthorized`, `method not allowed`, `request too large`, `unsupported media type`

`err`string

Stack of errors that occurred during processing of the request. Useful for debugging.

`message`string

Human-readable message.

`op`string

Describes the logical code operation when the error occurred. Useful for debugging.

defaultNon 2XX error response from server.

`code`requiredstring

code is the machine-readable error code.

Allowed:`internal error`, `not implemented`, `not found`, `conflict`, `invalid`, `unprocessable entity`, `empty value`, `unavailable`, `forbidden`, `too many requests`, `unauthorized`, `method not allowed`, `request too large`, `unsupported media type`

`err`string

Stack of errors that occurred during processing of the request. Useful for debugging.

`message`string

Human-readable message.

`op`string

Describes the logical code operation when the error occurred. Useful for debugging.

#### Related

* [View tokens](https://docs.influxdata.com/influxdb/cloud/security/tokens/view-tokens/)
| Action | Permission required | Restriction |
| --- | --- | --- |
| Action | Permission required | Restriction |
| List all users | Operator token | InfluxData internal use only |
| List a specific user | read-users  or  read-user USER_ID |  |