Documentation

Telegraf Controller

Manage API tokens

Telegraf Controller is in Public Beta

Telegraf Controller is in public beta and will be part of the future Telegraf Enterprise offering. While in beta, Telegraf Controller is not meant for production use. The Telegraf Controller documentation is a work in progress, and we are actively working to improve it. If you have any questions or suggestions, please submit an issue. We welcome any and all contributions.

Beta expectations

Provide beta feedback

API tokens authenticate requests to the Telegraf Controller API and Telegraf agent connections. Use tokens to authorize Telegraf agents, heartbeat requests, and external API clients.

Token format

All API tokens use the tc-apiv1_ prefix, making them easy to identify in configuration files and scripts.

The full token value is displayed only once at the time of creation and cannot be retrieved later. Copy and store the token in a secure location immediately after creating it.

Raw token strings are not stored

Tokens are stored as a cryptographic hash. The original value is never saved. If you lose a token, you must revoke it and create a new one.

Token permissions

Each token is scoped to a specific user. Token permissions are restricted to the permissions allowed by the user’s role. A token cannot exceed the permissions of the user it belongs to.

When you create a token, you can set custom permissions to restrict the token’s access below your full role permissions. This lets you issue narrowly scoped tokens for specific tasks, such as a token that can only register agents or a token limited to read-only access.

Token states

Tokens exist in one of two states:

  • Active – The token can be used for authentication.
  • Revoked – The token is permanently disabled but the record is retained for auditing purposes.

Revoking a token is irreversible. Any agent or client using a revoked token immediately loses access.

Token visibility

Your role determines which tokens you can view and manage:

RoleToken visibility
OwnerAll tokens across all users
AdministratorAll tokens across all users
ManagerOnly their own tokens
ViewerCannot manage tokens

Owner and Administrator users can revoke any token in the organization, including tokens belonging to other users.

Create an API token

Create a new API token for authenticating with the Telegraf Controller API.

Use API tokens

Use API tokens to authenticate Telegraf agents, heartbeat requests, and external API clients with Telegraf Controller.

Reassign a token

Reassign an API token from one user to another in Telegraf Controller.

Revoke a token

Revoke an API token to immediately prevent its use while keeping the token record for auditing.

Delete a token

Permanently delete an API token from Telegraf Controller.

Was this page helpful?

Thank you for your feedback!

© 2026 InfluxData, Inc.

Where are you running InfluxDB?

Select your InfluxDB Cloud region and cluster or your InfluxDB OSS URL and we’ll customize code examples for you. Identify your InfluxDB Cloud cluster.

  • InfluxDB Cloud
  • InfluxDB OSS or Enterprise
AWS

  • US West (Oregon)

GCP
Azure
Default
Custom

For more information, see InfluxDB Cloud regions or InfluxDB OSS URLs.

Thank you for your feedback!

Let us know what we can do better:

Thank you!

No thanks

Telegraf Enterprise now in public beta

Get early access to the Telegraf Controller and provide feedback to help shape the future of Telegraf Enterprise.

See the Blog Post

The upcoming Telegraf Enterprise offering is for organizations running Telegraf at scale and is comprised of two key components:

  • Telegraf Controller: A control plane (UI + API) that centralizes Telegraf configuration management and agent health visibility.
  • Telegraf Enterprise Support: Official support for Telegraf Controller and Telegraf plugins.

Join the Telegraf Enterprise beta to get early access to the Telegraf Controller and provide feedback to help shape the future of Telegraf Enterprise.

For more information:

New in InfluxDB 3.8

Key enhancements in InfluxDB 3.8 and the InfluxDB 3 Explorer 1.6.

See the Blog Post

InfluxDB 3.8 is now available for both Core and Enterprise, alongside the 1.6 release of the InfluxDB 3 Explorer UI. This release is focused on operational maturity and making InfluxDB easier to deploy, manage, and run reliably in production.

For more information, check out:

InfluxDB Docker latest tag changing to InfluxDB 3 Core

On May 27, 2026, the latest tag for InfluxDB Docker images will point to InfluxDB 3 Core. To avoid unexpected upgrades, use specific version tags in your Docker deployments.

If using Docker to install and run InfluxDB, the latest tag will point to InfluxDB 3 Core. To avoid unexpected upgrades, use specific version tags in your Docker deployments. For example, if using Docker to run InfluxDB v2, replace the latest version tag with a specific version tag in your Docker pull command–for example:

docker pull influxdb:2