Documentation

Kapacitor

Set up internal Kapacitor authorizations

Use user-based authorizations and permissions stored in Kapacitor to authenticate requests to the Kapacitor HTTP API.

Use Kapacitor authorizations

  1. Create an admin user:

    1. Set the following in the [auth] configuration group in your kapacitor.conf:

      • enabled: true
      • bcrypt: an integer greater than or equal to 4
      • meta-*: empty string or false
      [auth]
  enabled = true
  cache-expiration = "1h"
  bcrypt-cost = 4
  meta-addr = ""
  meta-username = ""
  meta-password = ""
  meta-use-tls = false
  meta-ca = ""
  meta-cert = ""
  meta-key = ""
  meta-insecure-skip-verify = false
      • Copy
      • Fill window

      Or use environment variables to set these configuration options:

      export KAPACITOR_AUTH_ENABLED=true
export KAPACITOR_AUTH_BCRYPT=4
      • Copy
      • Fill window

    2. Start kapacitord using the updated configuration:

      kapactord -config /path/to/kapacitor.conf
      • Copy
      • Fill window

    3. Use the /users endpoint of the Kapacitor HTTP API to create a new admin user. In the request body, provide a JSON object with the following fields:

      • name: admin username
      • password: admin password
      • type: "admin"
      curl --request POST 'http://localhost:9092/kapacitor/v1/users' \
  --data '{
    "name": "exampleUsername",
    "password": "examplePassword",
    "type":"admin"
}'
      • Copy
      • Fill window

  2. Stop the kapacitord service.

  3. Set [http].auth-enabled to true in your kapacitor.conf:

    [http]
  #...
  auth-enabled: true
  #...
    • Copy
    • Fill window

    Or use the KAPACITOR_HTTP_AUTH_ENABLED environment variable:

    export KAPACITOR_HTTP_AUTH_ENABLED=true
    • Copy
    • Fill window

  4. Restart kapacitord with the updated configuration.

    kapacitord -config /path/to/kapacitor.conf
    • Copy
    • Fill window

  5. (Optional) Create additional users with user-specific permissions. For more information, see:

Authenticate with the Kapacitor CLI

To authenticate with Kapacitor when using the kapacitor CLI, provide your username and password as part of the Kapacitor -url:

# Syntax
kapacitor -url http://<username>:<password>@localhost:9092

# Example
kapacitor -url http://admin:Pa5sw0Rd@localhost:9092
  • Copy
  • Fill window

Authenticate with the Kapacitor API

To authenticate directly with the Kapacitor API, use basic authentication to provide your username and password.

# Syntax
curl --request GET http://localhost:9092/kapacitor/v1/tasks \
  -u "<username>:<password>" 

# Example
curl --request GET http://localhost:9092/kapacitor/v1/tasks \
  -u "johndoe:Pa5sw0Rd"
  • Copy
  • Fill window

Was this page helpful?

Thank you for your feedback!

© 2025 InfluxData, Inc.

Where are you running InfluxDB?

Select your InfluxDB Cloud region and cluster or your InfluxDB OSS URL and we’ll customize code examples for you. Identify your InfluxDB Cloud cluster.

  • InfluxDB Cloud
  • InfluxDB OSS or Enterprise
AWS

  • US West (Oregon)

GCP
Azure
Default
Custom

For more information, see InfluxDB Cloud regions or InfluxDB OSS URLs.

Thank you for your feedback!

Let us know what we can do better:

Thank you!

No thanks

The future of Flux

Flux is going into maintenance mode. You can continue using it as you currently are without any changes to your code.

Read more

InfluxDB 3 Core and Enterprise are now in Beta

InfluxDB 3 Core and Enterprise are now available for beta testing, available under MIT or Apache 2 license.

InfluxDB 3 Core is a high-speed, recent-data engine that collects and processes data in real-time, while persisting it to local disk or object storage. InfluxDB 3 Enterprise is a commercial product that builds on Core’s foundation, adding high availability, read replicas, enhanced security, and data compaction for faster queries. A free tier of InfluxDB 3 Enterprise will also be available for at-home, non-commercial use for hobbyists to get the full historical time series database set of capabilities.

For more information, check out:

Ask AI