Create a token
Create API tokens using the InfluxDB user interface (UI), the influx
command line interface (CLI), or the InfluxDB API.
To follow best practices for secure API token generation and retrieval, InfluxDB enforces access restrictions on API tokens.
- Tokens are visible to the user who created the token.
- InfluxDB only allows access to the API token value immediately after the token is created.
- You can’t change access (read/write) permissions for an API token after it’s created.
- Tokens stop working when the user who created the token is deleted.
We recommend the following for managing your tokens:
- Create a generic user to create and manage tokens for writing data.
- Store your tokens in a secure password vault for future access.
Create a token using the InfluxDB API
Use the /api/v2/authorizations InfluxDB API endpoint to create a token.
Include the following in your request:
- Headers
- Authorization:
Token API_TOKEN(API token with thewrite: authorizationspermission) - Content-type:
application/json
- Authorization:
- Request body: JSON object with the following properties:
- status: Token status (active or inactive)
- description: Token description
- orgID: Organization ID
- permissions: JSON array of objects, each with the following properties:
- action: Authorized action (read or write)
- resource: JSON object with the following properties
- orgID: Organization ID
- type: Resource type
- name: (Optional) Resource name to scope permission to
curl --request POST \
https://cloud2.influxdata.com/api/v2/authorizations \
--header "Authorization: Token API_TOKEN" \
--header 'Content-type: application/json' \
--data '{
"status": "active",
"description": "AUTHORIZATION_DESCRIPTION",
"orgID": "ORG_ID",
"permissions": [
{
"action": "read",
"resource": {
"orgID": "ORG_ID",
"type": "authorizations"
}
},
{
"action": "read",
"resource": {
"orgID": "ORG_ID",
"type": "buckets"
}
},
{
"action": "write",
"resource": {
"orgID": "ORG_ID",
"type": "buckets",
"name": "iot-center"
}
}
]
}'
Create a token scoped to a user
To scope a token to a user other than the token creator, pass the userID property in the request
body.
######################################################
# The example below uses common command-line tools
# `curl`, `jq` with the InfluxDB API to do the following:
# 1. Create a user.
# 2. Find the new or existing user by name.
# 3. If the user exists:
# a. Build an authorization object with the user ID.
# b. Create the new authorization.
# c. Return the new token.
######################################################
function create_token_with_user() {
curl --request POST \
"https://cloud2.influxdata.com/api/v2/users/" \
--header "Authorization: Token API_TOKEN" \
--header 'Content-type: application/json' \
--data "{\"name\": \"$1\"}"
curl --request GET \
"https://cloud2.influxdata.com/api/v2/users?name=$1" \
--header "Authorization: Token API_TOKEN" \
--header 'Content-type: application/json' | \
jq --arg USER $1 '.users[0] // error("User missing")
| {
"orgID": "ORG_ID",
"userID": .id,
"description": $USER,
"permissions": [
{"action": "read", "resource": {"type": "buckets"}}
]
}' | \
curl --request POST \
"https://cloud2.influxdata.com/api/v2/authorizations" \
--header "Authorization: Token API_TOKEN" \
--header 'Content-type: application/json' \
--data @- | \
jq '.token'
}
create_token_with_user 'iot_user_1'
See the
POST /api/v2/authorizations documentation
for more information about options.
Was this page helpful?
Thank you for your feedback!
Support and feedback
Thank you for being part of our community! We welcome and encourage your feedback and bug reports for InfluxDB Cloud Serverless and this documentation. To find support, use the following resources:
Customers with an annual or support contract can contact InfluxData Support.