Documentation

Create a token

This page documents an earlier version of InfluxDB. InfluxDB v2.6 is the latest stable version. View this page in the v2.6 documentation.

Create API tokens using the InfluxDB user interface (UI), the influx command line interface (CLI), or the InfluxDB API.

Tokens are visible to the user who created the token. Users who own a token with operator permissions also have access to all tokens. Tokens stop working when the user who created the token is deleted.

We recommend creating a generic user to create and manage tokens for writing data.

Manage tokens in the InfluxDB UI

To manage InfluxDB API Tokens in the InfluxDB UI, navigate to the API Tokens management page.

In the navigation menu on the left, select Data (Load Data) > Tokens.

Create a token in the InfluxDB UI

  1. From the API Tokens management page, click Generate and select a token type (Read/Write Token or All Access API Token).
  2. In the window that appears, enter a description for your token in the Description field.
  3. If generating a read/write token:
    • Search for and select buckets to read from in the Read pane.
    • Search for and select buckets to write to in the Write pane.
  4. Click Save.

Create a token using the influx CLI

Issue resolved: Using InfluxDB 2.4 and influx CLI 2.4 prevented you from creating an all-access or operator token using the influx auth create command. This issue is resolved in the influx 2.5 CLI release. Please upgrade to the latest version of the influx cli.

Use the influx auth create command to create a token. Include flags with the command to grant specific permissions to the token. See the available flags. Only tokens with the write: authorizations permission can create tokens.

# Syntax
influx auth create -o <org-name> [permission-flags]

Examples

Create an all-access token

Create an All-Access token to grant permissions to all resources in an organization.

influx auth create \
  --org my-org \
  --all-access

Create an operator token

Create an operator token to grant permissions to all resources in all organizations.

influx auth create \
  --org my-org \
  --operator

To view or create an operator token with the InfluxDB UI, api/v2 API, or influx CLI after the setup process is completed, you must use an existing operator token.

To create a new operator token without using an existing one, see how to use the influxd recovery auth CLI.

Create a token with specified read permissions

influx auth create \
  --org my-org \
  --read-bucket 03a2bbf46309a000 \
  --read-bucket 3a87c03ace269000 \
  --read-dashboards \
  --read-tasks \
  --read-telegrafs \
  --read-user

See the influx auth create documentation for information about other available flags.

Create a token using the InfluxDB API

Use the /api/v2/authorizations InfluxDB API endpoint to create a token.

POST http://localhost:8086/api/v2/authorizations

Include the following in your request:

RequirementInclude by
API token with the write: authorizations permissionUse the Authorization header and the Bearer or Token scheme.
OrganizationPass as orgID in the request body.
Permissions listPass as a permissions array in the request body.
INFLUX_ORG_ID=YOUR_ORG_ID
INFLUX_TOKEN=YOUR_API_TOKEN

curl -v --request POST \
  http://localhost:8086/api/v2/authorizations \
  --header "Authorization: Token ${INFLUX_TOKEN}" \
  --header 'Content-type: application/json' \
  --data '{
  "status": "active",
  "description": "iot-center-device",
  "orgID": "'"${INFLUX_ORG_ID}"'",
  "permissions": [
    {
      "action": "read",
      "resource": {
        "orgID": "'"${INFLUX_ORG_ID}"'",
        "type": "authorizations"
      }
    },
    {
      "action": "read",
      "resource": {
        "orgID": "'"${INFLUX_ORG_ID}"'",
        "type": "buckets"
      }
    },
    {
      "action": "write",
      "resource": {
        "orgID": "'"${INFLUX_ORG_ID}"'",
        "type": "buckets",
        "name": "iot-center" 
      }
    }
  ]
}'

Create a token scoped to a user

To scope a token to a user other than the token creator, pass userID in the request body.

######################################################
# The example below uses common command-line tools 
# `curl`, `jq` with the InfluxDB API to do the following:
# 1. Create a user.
# 2. Find the new or existing user by name.
# 3. If the user exists:
#   a. Build an authorization object with the user ID.
#   b. Create the new authorization.
#   c. Return the new token.
######################################################

INFLUX_ORG_ID=YOUR_ORG_ID
INFLUX_TOKEN=YOUR_API_TOKEN

function create_token_with_user() {
  curl --request POST \
    "http://localhost:8086/api/v2/users/" \
    --header "Authorization: Token ${INFLUX_TOKEN}" \
    --header 'Content-type: application/json' \
    --data "{\"name\": \"$1\"}"
  
  curl --request GET \
    "http://localhost:8086/api/v2/users?name=$1" \
    --header "Authorization: Token ${INFLUX_TOKEN}" \
    --header 'Content-type: application/json' | \
  
  jq --arg USER $1 '.users[0] // error("User missing")
    | {
        "orgID": "'"${INFLUX_ORG_ID}"'",
        "userID": .id,
        "description": $USER,
        "permissions": [
           {"action": "read", "resource": {"type": "buckets"}}
         ]
      }' | \
  
  curl --request POST \
    "http://localhost:8086/api/v2/authorizations" \
    --header "Authorization: Token ${INFLUX_TOKEN}" \
    --header 'Content-type: application/json' \
    --data @- | \
  
  jq '.token'
}

create_token_with_user 'iot_user_1'

See the POST /api/v2/authorizations documentation for more information about options.


Was this page helpful?

Thank you for your feedback!


Set your InfluxDB URL

Linux Package Signing Key Rotation

All signed InfluxData Linux packages have been resigned with an updated key. If using Linux, you may need to update your package configuration to continue to download and verify InfluxData software packages.

For more information, see the Linux Package Signing Key Rotation blog post.

InfluxDB Cloud backed by InfluxDB IOx

All InfluxDB Cloud organizations created on or after January 31, 2023 are backed by the new InfluxDB IOx storage engine. Check the right column of your InfluxDB Cloud organization homepage to see which InfluxDB storage engine you’re using.

If powered by IOx, this is the correct documentation.

If powered by TSM, see the TSM-based InfluxDB Cloud documentation.

InfluxDB Cloud backed by InfluxDB TSM

All InfluxDB Cloud organizations created on or after January 31, 2023 are backed by the new InfluxDB IOx storage engine which enables nearly unlimited series cardinality and SQL query support. Check the right column of your InfluxDB Cloud organization homepage to see which InfluxDB storage engine you’re using.

If powered by TSM, this is the correct documentation.

If powered by IOx, see the IOx-based InfluxDB Cloud documentation.

State of the InfluxDB Cloud (IOx) documentation

The new documentation for InfluxDB Cloud backed by InfluxDB IOx is a work in progress. We are adding new information and content almost daily. Thank you for your patience!

If there is specific information you’re looking for, please submit a documentation issue.