Documentation

InfluxDB 3 Enterprise

influxdb3 create token --permission

The influxdb3 create token command with the --permission option creates a new authentication token with fine-grained access permissions for specific resources in InfluxDB 3 Enterprise.

Fine-grained access permissions allow you to specify the exact actions, such as read and write that a token can perform on a specific resource, such as a database or a system information endpoint.

Usage

influxdb3 create token --permission <PERMISSION> --name <NAME> [OPTIONS]

Options

OptionDescription
--permission <PERMISSION>Permissions in RESOURCE_TYPE:RESOURCE_NAMES:ACTIONS format–for example, db:*:read,write, system:*:read. --permission may be specified multiple times
--name <NAME>Name of the token
-H--host <HOST_URL>The host URL of the running InfluxDB 3 Enterprise server [env: INFLUXDB3_HOST_URL=] [default: http://127.0.0.1:8181]
--token <AUTH_TOKEN>The enterprise token
[env: INFLUXDB3_AUTH_TOKEN=]
--expiry <DURATION>The token expiration time as a duration (for example, 1h, 7d, 1y). If not set, the token does not expire until revoked
--tls-ca <CA_CERT>An optional arg to use a custom CA for testing with self-signed certs [env: INFLUXDB3_TLS_CA=]
--format <FORMAT>Output format (json or text (default))
-h--helpPrint help information
--help-allPrint detailed help information

Permission format

The --permission option takes a value in the format RESOURCE_TYPE:RESOURCE_NAMES:ACTIONS.

  • RESOURCE_TYPE: Available resource types include:
    • db for databases
    • system for system information endpoints.
  • RESOURCE_NAMES: Can be a specific resource name, such as a database name, a comma-separated list of names, or * to grant access to all resources of the type.
  • ACTIONS: A list of actions. Available actions depend on the resource type.

Examples

Create a token with read and write access to a database

influxdb3 create token \
  --permission "db:my_database:read,write" \
  --name "Read/write token for my_database"

Create a token with read-only access to a database

influxdb3 create token \
  --permission "db:my_database:read" \
  --name "Read-only token for my_database"

Create a token with access to multiple databases

influxdb3 create token \
  --permission "db:database1,database2:read,write" \
  --name "Multi-database token"

Create a token with access to all databases

influxdb3 create token \
  --permission "db:*:read,write" \
  --name "All databases token"

Create a token that expires in seven days

influxdb3 create token \
  --permission "db:my_database:read,write" \
  --name "Expiring token" \
  --expiry 7d

Create a system token for health information

influxdb3 create token \
  --permission "system:health:read" \
  --name "System health token"

Create a token with access to all system information

influxdb3 create token \
  --permission "system:*:read" \
  --name "All system information"

Create a token with multiple permissions

influxdb3 create token \
  --permission "db:database1:read,write" \
  --permission "system:health:read" \
  --name "Multi-permission token"

Generate an offline permission (resource) tokens file

Generate an offline permission (resource) tokens file to use if no resource tokens exist when the server starts. Once started, you can interact with the server using the provided tokens. Offline permission tokens are designed to help with automated deployments.

Include the following options:

  • --name (Required)
  • --permissions (Required)
  • --offline (Required)
  • --output-file (Required)
  • --create-databases (Optional)
  • --expiry (Optional)
influxdb3 create token \
  --name 
TOKEN_NAME
 \
  --permission "
TOKEN_PERMISSIONS
" \
  --expiry 
DURATION
 \
  --offline \
  --create-databases 
DATABASE_LIST
 \
  --output-file 
path/to/tokens.json

Replace the following:

  • TOKEN_NAME: Name for your offline permission token
  • TOKEN_PERMISSIONS: Token permissions.
  • DURATION: Duration for the token to remain valid, in humantime format (for example, 10d for 10 days or 1y for 1 year).
  • DATABASE_LIST: Comma-separated list of database names to create when starting the InfluxDB 3 Enterprise server using the generated tokens file
  • path/to/tokens.json: File path to use for the generated tokens file

View example offline permission tokens file

If you write a new offline permission token to an existing permission token file, the command appends the new token to the existing output file.

Was this page helpful?

Thank you for your feedback!

© 2026 InfluxData, Inc.

What is your InfluxDB 3 Enterprise URL?

Customize your InfluxDB 3 Enterprise URL and we’ll update code examples for you.

Default
Custom

For more information, see InfluxDB Cloud regions or InfluxDB OSS URLs.

Thank you for your feedback!

Let us know what we can do better:

Thank you!

No thanks

InfluxDB OSS 2.9.0: API tokens are hashed by default

Stronger token security in InfluxDB OSS 2.9.0 — tokens are hashed on disk by default. Existing tokens are hashed on first startup and can’t be recovered afterward. Capture any plaintext tokens you still need before you upgrade.

View InfluxDB OSS 2.9.0 release notes

Hashed tokens authenticate exactly like unhashed tokens — clients and integrations keep working.

Also new in 2.9.0:

  • Configurable backup compression
  • Restore support for backups containing hashed tokens
  • Tighter Edge Data Replication queue validation
  • Flux upgrade
  • Compaction reliability improvements

Key enhancements in Explorer 1.9

Explorer 1.9 is now available with InfluxQL support, an AI-assisted Flux to SQL converter (beta), and new live sample data simulators.

View Explorer 1.9 release notes

Explorer 1.9 includes new features and improvements that make it easier to query, visualize, and manage data.

Highlights:

  • Flux to SQL converter (beta): Convert Flux queries to SQL with an AI-assisted converter.
  • InfluxQL support: Query data with InfluxQL in the Data Explorer and dashboards, and save and load InfluxQL queries.
  • InfluxQL visualizations: Render line and bar charts from InfluxQL results with per-tag series grouping.
  • Query error history: Review a history of query errors in the query tool.
  • Live sample data simulators: Generate continuous live sample data with new bird data and signal generator simulators.

For more details, see Explorer 1.9 release notes

InfluxDB 3.10 is now available

InfluxDB 3 Core 3.10 adds an automatic catalog format upgrade, a configurable query-concurrency limit, and processing engine improvements.

Key updates in InfluxDB 3 Core 3.10:

  • Catalog format upgrade: the on-disk catalog automatically upgrades from format v2 to v3 on first 3.10 startup. Migration is one-way—back up your catalog before upgrading.
  • --max-concurrent-queries: limit concurrent queries (adjustable at runtime).
  • GET /ready endpoint for readiness probes.
  • Processing engine: cross-database queries and trigger lockdown flags.

For more information, see the InfluxDB 3 Core release notes.

InfluxDB 3.10 is now available

InfluxDB 3 Enterprise 3.10 adds automated backup and restore, row-level deletions, and user management, with an automatic catalog format upgrade and performance preview improvements.

Key updates in InfluxDB 3 Enterprise 3.10:

  • Catalog format upgrade: the on-disk catalog automatically upgrades from format v2 to v3 on first 3.10 startup. Migration is one-way—back up your catalog before upgrading.
  • Automated backup and restore (beta)
  • Row-level deletions
  • User management (authentication and RBAC) — preview
  • Performance preview improvements

Backup and restore, row-level deletions, and the performance preview require the Enterprise storage engine upgrade (opt-in beta). Beta and preview features are subject to breaking changes and aren’t recommended for production use.

For more information, see the InfluxDB 3 Enterprise release notes

Telegraf Enterprise now in public beta

Get early access to the Telegraf Controller and provide feedback to help shape the future of Telegraf Enterprise.

See the Blog Post

The upcoming Telegraf Enterprise offering is for organizations running Telegraf at scale and is comprised of two key components:

  • Telegraf Controller: A control plane (UI + API) that centralizes Telegraf configuration management and agent health visibility.
  • Telegraf Enterprise Support: Official support for Telegraf Controller and Telegraf plugins.

Join the Telegraf Enterprise beta to get early access to the Telegraf Controller and provide feedback to help shape the future of Telegraf Enterprise.

For more information:

Telegraf Controller v0.0.7-beta now available

Telegraf Controller v0.0.7-beta is now available with new features, improvements, bug fixes, and an important breaking change.

View the release notes
Download Telegraf Controller v0.0.7-beta

InfluxDB Docker latest tag changing to InfluxDB 3 Core

On September 15, 2026, the latest tag for InfluxDB Docker images will point to InfluxDB 3 Core. To avoid unexpected upgrades, use specific version tags in your Docker deployments.

If using Docker to install and run InfluxDB, the latest tag will point to InfluxDB 3 Core. To avoid unexpected upgrades, use specific version tags in your Docker deployments. For example, if using Docker to run InfluxDB v2, replace the latest version tag with a specific version tag in your Docker pull command–for example:

docker pull influxdb:2