
Create a resource token

Use the influxdb3 create token --permission command or the /api/v3/configure/token HTTP API endpoint to create fine-grained permissions tokens that grant access to resources such as databases and system information. Database tokens allow for reading and writing data in your InfluxDB 3 Enterprise instance. System tokens allow for reading system information and metrics for your server.

After you create an admin token, you can use the token string to authenticate influxdb3 commands and HTTP API requests for managing database and system tokens.

The HTTP API examples in this guide use cURL to send an API request, but you can use any HTTP client.

Store secure tokens in a secret store

Token strings are returned only on token creation. We recommend storing database tokens in a secure secret store. If you lose a resource token string, revoke the token and create a new one.

Create a database token

Use the influxdb3 create token command to create a database token with fine-grained permissions for reading and writing data in your InfluxDB 3 Enterprise instance.

In your terminal, run the influxdb3 create token --permission command and provide the following:

  • --name: A unique name for the token

  • Options, for example:

    • --expiry: The token expiration time as a duration. If an expiration isn’t set, the token does not expire until revoked.
  • Token permissions (read and write) in the RESOURCE_TYPE:RESOURCE_NAMES:ACTIONS format–for example:

    db:DATABASE1,DATABASE2:read,write
    
    • db:: The db resource type, which specifies the token is for a database
    • DATABASE1,DATABASE2: A comma-separated list of database names to grant permissions to. The resource names part supports the * wildcard, which grants read or write permissions to all databases.
    • read,write: A comma-separated list of permissions to grant to the token.

influxdb3 create token \
  --permission \
  --expiry 1y \
  --name "Read-write on DATABASE1, DATABASE2" \
  "db:DATABASE1,DATABASE2:read,write"

Replace the following:

  • DATABASE1, DATABASE2: your InfluxDB 3 Enterprise database
  • 1y: the token expiration time as a duration.

The output is the token string in plain text.

Send a request to the following InfluxDB 3 Enterprise endpoint:

POST http://localhost:8181/api/v3/enterprise/configure/token

Provide the following request headers:

  • Accept: application/json to ensure the response body is JSON content
  • Content-Type: application/json to indicate the request body is JSON content
  • Authorization: Bearer and the admin token for your instance to authorize the request

In the request body, provide the following parameters:

  • token_name: a description of the token, unique within the instance
  • resource_type: the resource type for the token, which is always db
  • resource_identifier: an array of database names to grant permissions to
    • The resource identifier field supports the * wildcard, which grants read or write permissions to all databases.
  • permissions: an array of token permission actions ("read", "write") for the database
  • expiry_secs: Specify the token expiration time in seconds.

The following example shows how to use the HTTP API to create a database token:

curl \
  "http://localhost:8181/api/v3/enterprise/configure/token" \
  --header 'Accept: application/json' \
  --header 'Content-Type: application/json' \
  --header "Authorization: Bearer ADMIN_TOKEN" \
  --data '{
    "token_name": "Read-write for DATABASE1, DATABASE2",
    "permissions": [{
      "resource_type": "db",
      "resource_identifier": ["DATABASE1","DATABASE2"],
      "actions": ["read","write"]
    }],
    "expiry_secs": 300000
  }'

Replace the following in your request:

  • DATABASE1, DATABASE2: your InfluxDB 3 Enterprise database
  • 300000: the token expiration time in seconds.

The response body contains token details, including the token field with the token string in plain text.

Examples

In the examples below, replace the following:

  • DATABASE_NAME: your InfluxDB 3 Enterprise database
  • DATABASE2_NAME: your InfluxDB 3 Enterprise database
  • ADMIN_TOKEN: the admin token for your InfluxDB 3 Enterprise instance

Create a token with read and write access to a database

influxdb3 create token \
  --permission \
  --name "Read/write token for DATABASE_NAME" \
  db:DATABASE_NAME:read,write

curl \
  "http://localhost:8181/api/v3/enterprise/configure/token" \
  --header 'Accept: application/json' \
  --header 'Content-Type: application/json' \
  --header "Authorization: Bearer ADMIN_TOKEN" \
  --data '{
    "token_name": "Read/write token for DATABASE_NAME",
    "permissions": [{
      "resource_type": "db",
      "resource_identifier": ["DATABASE_NAME"],
      "actions": ["read","write"]
    }]
  }'

Create a token with read and write access to all databases

influxdb3 create token \
  --permission \
  --name "Read/write token for all databases" \
  "db:*:read,write"

curl \
  "http://localhost:8181/api/v3/enterprise/configure/token" \
  --header 'Accept: application/json' \
  --header 'Content-Type: application/json' \
  --header "Authorization: Bearer ADMIN_TOKEN" \
  --data '{
    "token_name": "Read/write token for all databases",
    "permissions": [{
      "resource_type": "db",
      "resource_identifier": ["*"],
      "actions": ["read","write"]
    }]
  }'

Create a token with read-only access to a database

influxdb3 create token \
  --permission \
  --name "Read-only token for DATABASE_NAME" \
  db:DATABASE_NAME:read

curl \
  "http://localhost:8181/api/v3/enterprise/configure/token" \
  --header 'Accept: application/json' \
  --header 'Content-Type: application/json' \
  --header "Authorization: Bearer ADMIN_TOKEN" \
  --data '{
    "token_name": "Read-only token for DATABASE_NAME",
    "permissions": [{
      "resource_type": "db",
      "resource_identifier": ["DATABASE_NAME"],
      "actions": ["read"]
    }]
  }'

Create a token with read-only access to multiple databases

influxdb3 create token \
  --permission \
  --name "Read-only token for DATABASE_NAME and DATABASE2_NAME" \
  db:DATABASE_NAME,DATABASE2_NAME:read

curl \
  "http://localhost:8181/api/v3/enterprise/configure/token" \
  --header 'Accept: application/json' \
  --header 'Content-Type: application/json' \
  --header "Authorization: Bearer ADMIN_TOKEN" \
  --data '{
    "token_name": "Read-only token for DATABASE_NAME and DATABASE2_NAME",
    "permissions": [{
      "resource_type": "db",
      "resource_identifier": ["DATABASE_NAME","DATABASE2_NAME"],
      "actions": ["read"]
    }]
  }'

Create a token that expires in seven days

influxdb3 create token \
  --permission \
  --expiry 7d \
  --name "Read/write token for DATABASE_NAME with 7d expiration" \
  db:DATABASE_NAME:read,write

curl \
  "http://localhost:8181/api/v3/enterprise/configure/token" \
  --header 'Accept: application/json' \
  --header 'Content-Type: application/json' \
  --header "Authorization: Bearer ADMIN_TOKEN" \
  --data '{
    "token_name": "Read/write token for DATABASE_NAME with 7d expiration",
    "permissions": [{
      "resource_type": "db",
      "resource_identifier": ["DATABASE_NAME"],
      "actions": ["read","write"]
    }],
    "expiry_secs": 604800
  }'

Create a system token

System tokens have the system resource type and allow for read-only access to system information and metrics from your server.

You can create system tokens for the following system resources:

  • health: system health information from the /health HTTP API endpoint
  • metrics: system metrics information from the /metrics HTTP API endpoint
  • ping: system ping information from the /ping HTTP API endpoint

Use the influxdb3 create token command to create a system token with permissions for reading system information from your InfluxDB 3 Enterprise instance.

In your terminal, run the influxdb3 create token --permission command and provide the following:

  • --name: A unique name for the token

  • Options, for example:

    • --expiry: The token expiration time as a duration. If an expiration isn’t set, the token does not expire until revoked.
  • Token permissions in the RESOURCE_TYPE:RESOURCE_NAMES:ACTIONS format–for example:

    system:health:read
    
    • system:: The system resource type, which specifies the token is for system information.
    • health: The specific system resource to grant permissions to.
    • read: The permission to grant to the token (system tokens are always read-only).

influxdb3 create token \
  --permission \
  --expiry 1y \
  --name "System health token" \
  "system:health:read"

Replace the following:

  • 1y: the token expiration time as a duration.

The output is the token string in plain text.

Send a request to the following InfluxDB 3 Enterprise endpoint:

POST http://localhost:8181/api/v3/enterprise/configure/token

Provide the following request headers:

  • Accept: application/json to ensure the response body is JSON content
  • Content-Type: application/json to indicate the request body is JSON content
  • Authorization: Bearer and the admin token for your instance to authorize the request

In the request body, provide the following parameters:

  • token_name: a description of the token, unique within the instance
  • resource_type: the resource type for the token, which is system for system tokens
  • resource_identifier: an array of system resource names to grant permissions to
    • The resource identifier field supports the * wildcard, which grants read or write permissions to all system information resources.
  • permissions: an array of token permission actions (only "read" for system tokens)
  • expiry_secs: Specify the token expiration time in seconds.

The following example shows how to use the HTTP API to create a system token:

curl \
  "http://localhost:8181/api/v3/enterprise/configure/token" \
  --header 'Accept: application/json' \
  --header 'Content-Type: application/json' \
  --header "Authorization: Bearer ADMIN_TOKEN" \
  --data '{
    "token_name": "System health token",
    "permissions": [{
      "resource_type": "system",
      "resource_identifier": ["health"],
      "actions": ["read"]
    }],
    "expiry_secs": 300000
  }'

Replace the following in your request:

  • 300000: the token expiration time in seconds.

The response body contains token details, including the token field with the token string in plain text.
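
An added example, not from the InfluxDB documentation: a pre-flight check that turns a permission string in the RESOURCE_TYPE:RESOURCE_NAMES:ACTIONS format into the JSON request body shown above, and rejects grants the page rules out (write on system tokens, unknown system resources) or that are broader than intended (the * wildcard unless explicitly allowed). The function names, the allow_wildcard switch and the s/m/h/d duration parsing are assumptions of this example.

```python
import json
import re

# Rules taken from the page: db tokens may read/write; system tokens are
# read-only and cover only the health, metrics and ping resources.
ALLOWED_ACTIONS = {"db": {"read", "write"}, "system": {"read"}}
SYSTEM_RESOURCES = {"health", "metrics", "ping"}
# Assumption: only s/m/h/d suffixes are handled here (7d -> 604800, as on the page).
UNIT_SECS = {"s": 1, "m": 60, "h": 3600, "d": 86400}


def duration_to_secs(duration):
    m = re.fullmatch(r"(\d+)([smhd])", duration)
    if not m:
        raise ValueError(f"unsupported duration: {duration!r}")
    return int(m.group(1)) * UNIT_SECS[m.group(2)]


def build_token_request(name, permission, expiry=None, allow_wildcard=False):
    """Return the JSON body for the token endpoint, or raise ValueError."""
    parts = permission.split(":")
    if len(parts) != 3:
        raise ValueError("expected RESOURCE_TYPE:RESOURCE_NAMES:ACTIONS")
    rtype, names, actions = parts[0], parts[1].split(","), parts[2].split(",")
    if rtype not in ALLOWED_ACTIONS:
        raise ValueError(f"unknown resource type: {rtype!r}")
    bad = set(actions) - ALLOWED_ACTIONS[rtype]
    if bad:
        raise ValueError(f"{rtype} tokens cannot grant: {sorted(bad)}")
    if "*" in names:
        # A wildcard silently covers databases created later, so make it opt-in.
        if not allow_wildcard:
            raise ValueError("wildcard grants every resource; pass allow_wildcard=True")
        names = ["*"]
    elif not all(names):
        raise ValueError("empty resource name")
    elif rtype == "system" and set(names) - SYSTEM_RESOURCES:
        raise ValueError(f"unknown system resource in {names}")
    body = {
        "token_name": name,
        "permissions": [
            {"resource_type": rtype, "resource_identifier": names, "actions": actions}
        ],
    }
    if expiry is not None:
        body["expiry_secs"] = duration_to_secs(expiry)
    return json.dumps(body)
```

The returned string can be passed to curl as the --data argument in place of a hand-written body.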

Output format

The influxdb3 create token command supports the --format json option. By default, the command outputs the token string. For easier programmatic access to the command output, include --format json with your command to format the output as JSON.

The /api/v3/configure/token endpoint outputs JSON format in the response body.

