Authorizations (API tokens)

Create and manage API token authorizations that grant read and write permissions to InfluxDB OSS v2 organization resources.
GET /api/v2/authorizations

List authorizations

Lists authorizations.

To limit which authorizations are returned, pass query parameters in your request. If no query parameters are passed, InfluxDB returns all authorizations.

InfluxDB Cloud

  • InfluxDB Cloud doesn’t expose API token values in GET /api/v2/authorizations responses; it returns token: redacted for all authorizations.

Required permissions

To retrieve an authorization, the request must use an API token that has the following permissions:

  • read-authorizations
  • read-user for the user that the authorization is scoped to

Parameters

Query parameters
userID string
A user ID. Only returns authorizations scoped to the specified user.
user string
A user name. Only returns authorizations scoped to the specified user.
orgID string
An organization ID. Only returns authorizations that belong to the specified organization.
org string
An organization name. Only returns authorizations that belong to the specified organization.
token string

An API token value. Specifies an authorization by its token property value and returns the authorization.

InfluxDB OSS v2

  • Doesn’t support this parameter. InfluxDB OSS ignores the token= parameter, applies other parameters, and then returns the result.

Limitations

  • The parameter is non-repeatable. If you specify more than one, only the first one is used. If a resource with the specified property value doesn’t exist, then the response body contains an empty list.
Header parameters
Zap-Trace-Span string
OpenTracing span context
Example request
curl --request GET \
  "http://localhost:8086/api/v2/authorizations" \
  --header "Authorization: Bearer INFLUX_TOKEN"

Responses

200

Success. The response body contains a list of authorizations.

If the response body is missing authorizations that you expect, check that the API token used in the request has read-user permission for the users (userID property value) in those authorizations.

InfluxDB OSS v2

  • Warning: The response body contains authorizations with their API token values in clear text.
  • If the request uses an operator token, InfluxDB OSS returns authorizations for all organizations in the instance.
authorizations object[]
links string
400 Non 2XX error response from server.
code required string
code is the machine-readable error code.
Allowed: internal error, not implemented, not found, conflict, invalid, unprocessable entity, empty value, unavailable, forbidden, too many requests, unauthorized, method not allowed, request too large, unsupported media type
err string
Stack of errors that occurred during processing of the request. Useful for debugging.
message string
Human-readable message.
op string
Describes the logical code operation when the error occurred. Useful for debugging.
401

Unauthorized. The error may indicate one of the following:

  • The Authorization: Token header is missing or malformed.
  • The API token value is missing from the header.
  • The token doesn’t have sufficient permissions to write to this organization and bucket.
code string
The HTTP status code description. Default is unauthorized.
Allowed: unauthorized
message string
A human-readable message that may contain detail about the error.
500 Internal server error. The server encountered an unexpected situation.
code required string
code is the machine-readable error code.
Allowed: internal error, not implemented, not found, conflict, invalid, unprocessable entity, empty value, unavailable, forbidden, too many requests, unauthorized, method not allowed, request too large, unsupported media type
err string
Stack of errors that occurred during processing of the request. Useful for debugging.
message string
Human-readable message.
op string
Describes the logical code operation when the error occurred. Useful for debugging.
default Non 2XX error response from server.
code required string
code is the machine-readable error code.
Allowed: internal error, not implemented, not found, conflict, invalid, unprocessable entity, empty value, unavailable, forbidden, too many requests, unauthorized, method not allowed, request too large, unsupported media type
err string
Stack of errors that occurred during processing of the request. Useful for debugging.
message string
Human-readable message.
op string
Describes the logical code operation when the error occurred. Useful for debugging.
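
Because InfluxDB OSS returns token values in clear text, a script that consumes this response should redact them before logging, and it can flag authorizations that are broader than one resource. The following Python is an added example, not part of the InfluxDB documentation; the response body is constructed, and the permissions fields (action, resource.type, resource.id) and the SENSITIVE_WRITE set are assumptions for illustration.

```python
import json

# Constructed sample of a GET /api/v2/authorizations response body from OSS
# (token values in clear text). IDs and tokens are made up; the permissions
# layout (action, resource.type, resource.id) is an assumption for this example.
SAMPLE_RESPONSE = json.dumps({"authorizations": [
    {"id": "0a0a0a0a0a0a0a01", "token": "constructed-token-AAAA", "status": "active",
     "description": "telegraf writer", "userID": "0c0c0c0c0c0c0c01",
     "permissions": [{"action": "write",
                      "resource": {"type": "buckets", "id": "0d0d0d0d0d0d0d01"}}]},
    {"id": "0a0a0a0a0a0a0a02", "token": "constructed-token-BBBB", "status": "active",
     "description": "admin script", "userID": "0c0c0c0c0c0c0c02",
     "permissions": [{"action": "write", "resource": {"type": "authorizations"}},
                     {"action": "read", "resource": {"type": "buckets"}}]},
    {"id": "0a0a0a0a0a0a0a03", "token": "constructed-token-CCCC", "status": "inactive",
     "description": "retired job", "userID": "0c0c0c0c0c0c0c02", "permissions": []},
]})

# Resource types whose write permission lets a token create or change credentials.
SENSITIVE_WRITE = {"authorizations", "users"}

def redact(auth):
    """Return a copy that is safe to log: the token value is replaced."""
    return {**auth, "token": "redacted"} if "token" in auth else dict(auth)

def findings(auth):
    """List reasons an authorization is broader than a single-resource token."""
    out = []
    for perm in auth.get("permissions", []):
        res = perm.get("resource", {})
        rtype, action = res.get("type"), perm.get("action")
        if action == "write" and rtype in SENSITIVE_WRITE:
            out.append(f"write-{rtype}")
        elif "id" not in res:
            out.append(f"{action}-{rtype} not limited to one resource id")
    return out

def audit(body):
    """Map id -> (redacted record, findings) for active authorizations only."""
    return {a["id"]: (redact(a), findings(a))
            for a in json.loads(body).get("authorizations", [])
            if a.get("status") == "active"}

if __name__ == "__main__":
    for auth_id, (safe, issues) in audit(SAMPLE_RESPONSE).items():
        print(auth_id, safe["description"], issues or "scoped")
```
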
POST /api/v2/authorizations

Create an authorization

Creates an authorization and returns the authorization with the generated API token.

Use this endpoint to create an authorization, which generates an API token with permissions to read or write to a specific resource or type of resource. The API token is the authorization’s token property value.

To follow best practices for secure API token generation and retrieval, InfluxDB enforces access restrictions on API tokens.

  • InfluxDB allows access to the API token value immediately after the authorization is created.
  • You can’t change access (read/write) permissions for an API token after it’s created.
  • Tokens stop working when the user who created the token is deleted.

We recommend the following for managing your tokens:

  • Create a generic user to create and manage tokens for writing data.
  • Store your tokens in a secure password vault for future access.

Required permissions

  • write-authorizations
  • write-user for the user that the authorization is scoped to

Parameters

Header parameters
Zap-Trace-Span string
OpenTracing span context

Request body required

The authorization to create.
Content-Type: application/json
Example request
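curl --request POST \
  "http://localhost:8086/api/v2/authorizations" \
  --header "Authorization: Bearer INFLUX_TOKEN" \
  --header "Content-Type: application/json" \
  --data-raw '{
  "orgID": "INFLUX_ORG_ID",
  "permissions": [{"action": "read", "resource": {"type": "buckets"}}]
}'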

Responses

201 Success. The authorization is created. The response body contains the authorization.
400 Non 2XX error response from server.
code required string
code is the machine-readable error code.
Allowed: internal error, not implemented, not found, conflict, invalid, unprocessable entity, empty value, unavailable, forbidden, too many requests, unauthorized, method not allowed, request too large, unsupported media type
err string
Stack of errors that occurred during processing of the request. Useful for debugging.
message string
Human-readable message.
op string
Describes the logical code operation when the error occurred. Useful for debugging.
401

Unauthorized. The error may indicate one of the following:

  • The Authorization: Token header is missing or malformed.
  • The API token value is missing from the header.
  • The token doesn’t have sufficient permissions to write to this organization and bucket.
code string
The HTTP status code description. Default is unauthorized.
Allowed: unauthorized
message string
A human-readable message that may contain detail about the error.
500 Internal server error. The server encountered an unexpected situation.
code required string
code is the machine-readable error code.
Allowed: internal error, not implemented, not found, conflict, invalid, unprocessable entity, empty value, unavailable, forbidden, too many requests, unauthorized, method not allowed, request too large, unsupported media type
err string
Stack of errors that occurred during processing of the request. Useful for debugging.
message string
Human-readable message.
op string
Describes the logical code operation when the error occurred. Useful for debugging.
default Non 2XX error response from server.
code required string
code is the machine-readable error code.
Allowed: internal error, not implemented, not found, conflict, invalid, unprocessable entity, empty value, unavailable, forbidden, too many requests, unauthorized, method not allowed, request too large, unsupported media type
err string
Stack of errors that occurred during processing of the request. Useful for debugging.
message string
Human-readable message.
op string
Describes the logical code operation when the error occurred. Useful for debugging.
GET /api/v2/authorizations/{authID}

Retrieve an authorization

Retrieves an authorization.

Use this endpoint to retrieve information about an API token, including the token’s permissions and the user that the token is scoped to.

InfluxDB OSS v2

  • InfluxDB OSS returns API token values in authorizations.
  • If the request uses an operator token, InfluxDB OSS returns authorizations for all organizations in the instance.

Parameters

Path parameters
authID required string
An authorization ID. Specifies the authorization to retrieve.
Header parameters
Zap-Trace-Span string
OpenTracing span context
Example request
curl --request GET \
  "http://localhost:8086/api/v2/authorizations/{authID}" \
  --header "Authorization: Bearer INFLUX_TOKEN"

Responses

200 Success. The response body contains the authorization.
400 Bad request.
code required string
code is the machine-readable error code.
Allowed: internal error, not implemented, not found, conflict, invalid, unprocessable entity, empty value, unavailable, forbidden, too many requests, unauthorized, method not allowed, request too large, unsupported media type
err string
Stack of errors that occurred during processing of the request. Useful for debugging.
message string
Human-readable message.
op string
Describes the logical code operation when the error occurred. Useful for debugging.
401

Unauthorized. The error may indicate one of the following:

  • The Authorization: Token header is missing or malformed.
  • The API token value is missing from the header.
  • The token doesn’t have sufficient permissions to write to this organization and bucket.
code string
The HTTP status code description. Default is unauthorized.
Allowed: unauthorized
message string
A human-readable message that may contain detail about the error.
404 Not found.
code required string
code is the machine-readable error code.
Allowed: internal error, not implemented, not found, conflict, invalid, unprocessable entity, empty value, unavailable, forbidden, too many requests, unauthorized, method not allowed, request too large, unsupported media type
err string
Stack of errors that occurred during processing of the request. Useful for debugging.
message string
Human-readable message.
op string
Describes the logical code operation when the error occurred. Useful for debugging.
500 Internal server error. The server encountered an unexpected situation.
code required string
code is the machine-readable error code.
Allowed: internal error, not implemented, not found, conflict, invalid, unprocessable entity, empty value, unavailable, forbidden, too many requests, unauthorized, method not allowed, request too large, unsupported media type
err string
Stack of errors that occurred during processing of the request. Useful for debugging.
message string
Human-readable message.
op string
Describes the logical code operation when the error occurred. Useful for debugging.
default Non 2XX error response from server.
code required string
code is the machine-readable error code.
Allowed: internal error, not implemented, not found, conflict, invalid, unprocessable entity, empty value, unavailable, forbidden, too many requests, unauthorized, method not allowed, request too large, unsupported media type
err string
Stack of errors that occurred during processing of the request. Useful for debugging.
message string
Human-readable message.
op string
Describes the logical code operation when the error occurred. Useful for debugging.
PATCH /api/v2/authorizations/{authID}

Update an API token to be active or inactive

Updates an authorization.

Use this endpoint to set an API token’s status to be active or inactive. InfluxDB rejects requests that use inactive API tokens.

Parameters

Path parameters
authID required string
An authorization ID. Specifies the authorization to update.
Header parameters
Zap-Trace-Span string
OpenTracing span context

Request body required

In the request body, provide the authorization properties to update.
Content-Type: application/json
description string
A description of the token.
status string
Status of the token. If inactive, InfluxDB rejects requests that use the token.
Allowed: active, inactive
Default: active
Example request
curl --request PATCH \
  "http://localhost:8086/api/v2/authorizations/{authID}" \
  --header "Authorization: Bearer INFLUX_TOKEN" \
  --header "Content-Type: application/json" \
  --data-raw '{
  "description": "DESCRIPTION",
  "status": "active"
}'

Responses

200 Success. The response body contains the updated authorization.
default Non 2XX error response from server.
code required string
code is the machine-readable error code.
Allowed: internal error, not implemented, not found, conflict, invalid, unprocessable entity, empty value, unavailable, forbidden, too many requests, unauthorized, method not allowed, request too large, unsupported media type
err string
Stack of errors that occurred during processing of the request. Useful for debugging.
message string
Human-readable message.
op string
Describes the logical code operation when the error occurred. Useful for debugging.
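
Since InfluxDB OSS ignores the token= query parameter, finding the authorization behind a known token value means listing authorizations and matching client-side, after which the PATCH request above disables it. This added Python example (not from the InfluxDB documentation) does both on a constructed list response; the function names and the 16-hex-character ID check are assumptions.

```python
import json
import re
import urllib.request

# Constructed sample of a list response body; IDs and token values are made up.
SAMPLE_LIST = {"authorizations": [
    {"id": "0a0a0a0a0a0a0a01", "token": "constructed-token-AAAA", "status": "active"},
    {"id": "0a0a0a0a0a0a0a02", "token": "constructed-token-BBBB", "status": "active"},
]}

# Assumption: authorization IDs are 16 lowercase hex characters, as in the sample.
AUTH_ID_RE = re.compile(r"[0-9a-f]{16}")

def find_auth_id(list_body, token_value):
    """Match a token value client-side, because OSS ignores the token= filter."""
    if not token_value:
        return None  # never match records that have no token field
    for auth in list_body.get("authorizations", []):
        if auth.get("token") == token_value:
            return auth["id"]
    return None

def build_deactivate_request(base_url, auth_id, admin_token):
    """Build, without sending, the PATCH that sets status to inactive."""
    if not AUTH_ID_RE.fullmatch(auth_id or ""):
        raise ValueError("authID must be 16 hex characters")  # keeps the path fixed
    return urllib.request.Request(
        f"{base_url.rstrip('/')}/api/v2/authorizations/{auth_id}",
        data=json.dumps({"status": "inactive"}).encode(),
        method="PATCH",
        headers={"Authorization": f"Bearer {admin_token}",
                 "Content-Type": "application/json"})

if __name__ == "__main__":
    auth_id = find_auth_id(SAMPLE_LIST, "constructed-token-BBBB")
    req = build_deactivate_request("http://localhost:8086", auth_id, "INFLUX_TOKEN")
    print(req.get_method(), req.full_url, req.data.decode())
    # Send with urllib.request.urlopen(req) once the target ID is confirmed.
```

Setting status to inactive is reversible with another PATCH, whereas DELETE removes the authorization.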
DELETE /api/v2/authorizations/{authID}

Delete an authorization

Deletes an authorization.

Use the endpoint to delete an API token.

If you want to disable an API token instead of deleting it, update the authorization’s status to inactive.

Parameters

Path parameters
authID required string
An authorization ID. Specifies the authorization to delete.
Header parameters
Zap-Trace-Span string
OpenTracing span context
Example request
curl --request DELETE \
  "http://localhost:8086/api/v2/authorizations/{authID}" \
  --header "Authorization: Bearer INFLUX_TOKEN"

Responses

204 Success. The authorization is deleted.
400 Bad request.
code required string
code is the machine-readable error code.
Allowed: internal error, not implemented, not found, conflict, invalid, unprocessable entity, empty value, unavailable, forbidden, too many requests, unauthorized, method not allowed, request too large, unsupported media type
err string
Stack of errors that occurred during processing of the request. Useful for debugging.
message string
Human-readable message.
op string
Describes the logical code operation when the error occurred. Useful for debugging.
401

Unauthorized. The error may indicate one of the following:

  • The Authorization: Token header is missing or malformed.
  • The API token value is missing from the header.
  • The token doesn’t have sufficient permissions to write to this organization and bucket.
code string
The HTTP status code description. Default is unauthorized.
Allowed: unauthorized
message string
A human-readable message that may contain detail about the error.
404 Not found.
code required string
code is the machine-readable error code.
Allowed: internal error, not implemented, not found, conflict, invalid, unprocessable entity, empty value, unavailable, forbidden, too many requests, unauthorized, method not allowed, request too large, unsupported media type
err string
Stack of errors that occurred during processing of the request. Useful for debugging.
message string
Human-readable message.
op string
Describes the logical code operation when the error occurred. Useful for debugging.
500 Internal server error. The server encountered an unexpected situation.
code required string
code is the machine-readable error code.
Allowed: internal error, not implemented, not found, conflict, invalid, unprocessable entity, empty value, unavailable, forbidden, too many requests, unauthorized, method not allowed, request too large, unsupported media type
err string
Stack of errors that occurred during processing of the request. Useful for debugging.
message string
Human-readable message.
op string
Describes the logical code operation when the error occurred. Useful for debugging.
default Non 2XX error response from server.
code required string
code is the machine-readable error code.
Allowed: internal error, not implemented, not found, conflict, invalid, unprocessable entity, empty value, unavailable, forbidden, too many requests, unauthorized, method not allowed, request too large, unsupported media type
err string
Stack of errors that occurred during processing of the request. Useful for debugging.
message string
Human-readable message.
op string
Describes the logical code operation when the error occurred. Useful for debugging.
