Documentation

InfluxDB Cloud

Create a token

Create API tokens using the InfluxDB user interface (UI), the influx command line interface (CLI), or the InfluxDB API.

To follow best practices for secure API token generation and retrieval, InfluxDB enforces access restrictions on API tokens.

  • Tokens are visible to the user who created the token.
  • InfluxDB only allows access to the API token value immediately after the token is created.
  • You can’t change access (read/write) permissions for an API token after it’s created.
  • Tokens stop working when the user who created the token is deleted.

We recommend the following for managing your tokens:

  • Create a generic user to create and manage tokens for writing data.
  • Store your tokens in a secure password vault for future access.

Manage tokens in the InfluxDB UI

To manage InfluxDB API Tokens in the InfluxDB UI, navigate to the API Tokens management page.

In the navigation menu on the left, select Load Data > API Tokens.

Load Data

Create a token in the InfluxDB UI

Create an all-access token

  1. From the API Tokens management page, click the Generate API Token button.
  2. Select All Access API Token.

Create a custom token

  1. From the API Tokens management page, click the Generate API Token button.
  2. Select Custom API Token.
  3. When the Generate a Personal API Token window appears, enter a description. If you don’t provide a description for the token, InfluxDB will generate a description from the permissions you assign. For example, if you select Read for a bucket named “_monitoring” and Write for a bucket named “_tasks”, InfluxDB will generate the description “Read buckets _monitoring Write buckets _tasks”.
  4. Select the check boxes in the Read and Write columns to assign access permissions for the token. You can enable access to all buckets, individual buckets, Telegraf configurations, and other InfluxDB resources. By default, the new token has no access permissions.
  5. When you’re finished, click Generate.
  6. When InfluxDB displays the token value, click Copy to Clipboard. This is your only chance to access and copy the token value from InfluxDB.
  7. (Optional) Store the API token value in a secure password vault.

Clone a token

To create a token with the same authorizations as an existing token, clone the existing token.

  1. From the API Tokens management page, find the token you want to clone and click the icon located far right of the token description.
  2. Select Clone.
  3. When InfluxDB UI displays the created token, click Copy to Clipboard. This is your only chance to access and copy the token value from InfluxDB.
  4. (Optional) Store the API token value in a secure password vault.

Create a token using the influx CLI

InfluxDB 2.4 introduced a bug that prevents you from creating an all-access or operator token using the influx auth create command, and causes the following error: Error: could not write auth with provided arguments: 403 Forbidden: permission.

Until this bug is resolved in the next influx CLI release, please use the workaround below to create an all-access or operator token.

Workaround: To create an all-access or operator token

  • Use the following command to create an all-access or operator token. For an operator token, you must also include the --read-orgs and --write-orgs flags.
influx auth create    
                      --org-id or --org              \
                      --read-authorizations          \
                      --write-authorizations         \
                      --read-buckets                 \
                      --write-buckets                \
                      --read-dashboards              \
                      --write-dashboards             \
                      --read-tasks                   \
                      --write-tasks                  \
                      --read-telegrafs               \
                      --write-telegrafs              \
                      --read-users                   \
                      --write-users                  \
                      --read-variables               \
                      --write-variables              \
                      --read-secrets                 \
                      --write-secrets                \
                      --read-labels                  \
                      --write-labels                 \
                      --read-views                   \
                      --write-views                  \
                      --read-documents               \
                      --write-documents              \
                      --read-notificationRules       \
                      --write-notificationRules      \
                      --read-notificationEndpoints   \
                      --write-notificationEndpoints  \
                      --read-checks                  \
                      --write-checks                 \
                      --read-dbrp                    \
                      --write-dbrp                   \
                      --read-annotations             \
                      --write-annotations            \
                      --read-sources                 \
                      --write-sources                \
                      --read-scrapers                \
                      --write-scrapers               \
                      --read-notebooks               \
                      --write-notebooks              \
                      --read-remotes                 \
                      --write-remotes                \
                      --read-replications            \
                      --write-replications

Was this page helpful?

Thank you for your feedback!

© 2023 InfluxData, Inc.

Select your InfluxDB Cloud region

Select your InfluxDB Cloud region and cluster and we’ll customize code examples for you. Identify your InfluxDB Cloud cluster.

AWS

  • US West (Oregon)

GCP
Azure

For more information, see InfluxDB Cloud regions.

Thank you for your feedback!

Let us know what we can do better:

Thank you!

No thanks

Select your region

Linux Package Signing Key Rotation

All signed InfluxData Linux packages have been resigned with an updated key. If using Linux, you may need to update your package configuration to continue to download and verify InfluxData software packages.

For more information, see the Linux Package Signing Key Rotation blog post.

State of the InfluxDB Cloud (IOx) documentation

The new documentation for InfluxDB Cloud backed by InfluxDB IOx is a work in progress. We are adding new information and content almost daily. Thank you for your patience!

If there is specific information you’re looking for, please submit a documentation issue.

InfluxDB Cloud powered by TSM

You are currently viewing documentation specific to InfluxDB Cloud powered by the TSM storage engine, which offers different functionality than InfluxDB Cloud powered by the IOx storage engine.

Are you using the TSM storage engine? How to find out?

Visit your organization's homepage and look for:

InfluxDB Cloud powered by TSM
Yes – I'm using TSM No – I'm using IOx