Documentation

InfluxDB 3 Enterprise

Use a preconfigured permission (resource) tokens

Start InfluxDB 3 Enterprise with a preconfigured “offline” permission (resource) tokens file. If no tokens already exist, InfluxDB automatically creates resource tokens specified in the provided permission (resource) tokens file.

Generate an offline permissions (resource) tokens file

Use the influxdb3 create token command to generate an offline permission (resource) tokens file. You can also specify corresponding databases to create when starting InfluxDB. Include the following options:

* Required

  • * --name: The name of the admin token (replace TOKEN_NAME)
  • * --permissions: The token permissions (replace TOKEN_PERMISSIONS)
  • --expiry: Duration for the token to remain valid, in humantime format–for example 10d for 10 days or 1y for 1 year (replace DURATION)
  • * --offline
  • --create-databases: Comma separated list of database names to create when starting the server (replace DATABASE_LIST)
  • * --output-file: File path to use for the generated token file (replace path/to/tokens.json)
influxdb3 create token \
  --name 
TOKEN_NAME
 \
  --permission "
TOKEN_PERMISSIONS
" \
  --expiry 
DURATION
 \
  --offline \
  --create-databases 
DATABASE_LIST
 \
  --output-file 
path/to/tokens.json

Add multiple tokens to a permission tokens file

If you write a new offline permission token to an existing permission token file, the command appends the new token to the existing output file.

You can write or generate your own permission tokens file

The influxdb3 create token --offline command makes generating an offline permission tokens file easy, but it is not required. You can write or generate your own permission tokens file using the required JSON schema.

Token string security standards

If writing or generating your own permission tokens file, ensure that token strings are sufficiently secure. We recommend the following:

  • Use a cryptographically secure pseudorandom number generator.
  • Ensure sufficient length and entropy. Generate and base64-encode a random string of at least 16 bytes (128 bits).
  • Prepend the generated string with apiv3_ for InfluxDB compatibility.

Token file permissions

Token file permissions should be restricted 0600 to protect the tokens.

Offline permission tokens file schema

An offline permission tokens file is a JSON-formatted file that contains a single object with the following fields:

  • create_databases: (Optional) Array of database names to create when starting the server

  • tokens: Array of token objects

    • token: The raw token string (must begin with apiv3_)
    • name: A unique token name
    • expiry_millis: (Optional) Token expiration time as a millisecond Unix timestamp
    • permissions: Array of token permission strings.
{
  "create_databases": [
    "db1",
    "db2",
    "db3",
    "db4"
  ],
  "tokens": [
    {
      "token": "apiv3_0XXXX-xxxXxXxxxXX_OxxxX...",
      "name": "token-1",
      "expiry_millis": 1756400061529,
      "permissions": [
        "db:db1,db2:read,write",
        "db:db3:read"
      ]
    },
    {
      "token": "apiv3_0XXXX-xxxXxXxxxXX_OxxxX...",
      "name": "token-2",
      "expiry_millis": 1756400061529,
      "permissions": [
        "db:db4:read,write"
      ]
    }
  ]
}

Start InfluxDB with the preconfigured permission tokens

When starting InfluxDB 3 Enterprise, include the --permission-tokens-file option with the influxdb3 serve command or set the INFLUXDB3_PERMISSION_TOKENS_FILE environment variable to provide the preconfigured offline permission tokens file:

CLI option Environment variable

influxdb3 serve \
  # ... \
  --permission-tokens-file 
path/to/admin-token.json
INFLUXDB3_PERMISSION_TOKENS_FILE=
path/to/admin-token.json


influxdb3 serve \
  # ... \

When the server starts, you can use the preconfigured permission (resource) tokens to write data to and query data from with your InfluxDB 3 Enterprise instance or cluster.

Was this page helpful?

Thank you for your feedback!

© 2025 InfluxData, Inc.

What is your InfluxDB 3 Enterprise URL?

Customize your InfluxDB 3 Enterprise URL and we’ll update code examples for you.

Default
Custom

For more information, see InfluxDB Cloud regions or InfluxDB OSS URLs.

Thank you for your feedback!

Let us know what we can do better:

Thank you!

No thanks

New in InfluxDB 3.5

Key enhancements in InfluxDB 3.5 and the InfluxDB 3 Explorer 1.3.

See the Blog Post

InfluxDB 3.5 is now available for both Core and Enterprise, introducing custom plugin repository support, enhanced operational visibility with queryable CLI parameters and manual node management, stronger security controls, and general performance improvements.

InfluxDB 3 Explorer 1.3 brings powerful new capabilities including Dashboards (beta) for saving and organizing your favorite queries, and cache querying for instant access to Last Value and Distinct Value caches—making Explorer a more comprehensive workspace for time series monitoring and analysis.

For more information, check out:

InfluxDB Docker latest tag changing to InfluxDB 3 Core

On November 3, 2025, the latest tag for InfluxDB Docker images will point to InfluxDB 3 Core. To avoid unexpected upgrades, use specific version tags in your Docker deployments.

If using Docker to install and run InfluxDB, the latest tag will point to InfluxDB 3 Core. To avoid unexpected upgrades, use specific version tags in your Docker deployments. For example, if using Docker to run InfluxDB v2, replace the latest version tag with a specific version tag in your Docker pull command–for example:

docker pull influxdb:2