Documentation

Create a token

Create API tokens using the InfluxDB user interface (UI), the influx command line interface (CLI), or the InfluxDB API.

To follow best practices for secure API token generation and retrieval, InfluxDB enforces access restrictions on API tokens.

  • Tokens are visible to the user who created the token.
  • InfluxDB only allows access to the API token value immediately after the token is created.
  • You can’t change access (read/write) permissions for an API token after it’s created.
  • Tokens stop working when the user who created the token is deleted.

We recommend the following for managing your tokens:

  • Create a generic user to create and manage tokens for writing data.
  • Store your tokens in a secure password vault for future access.

Manage tokens in the InfluxDB UI

To manage InfluxDB API Tokens in the InfluxDB UI, navigate to the API Tokens management page.

In the navigation menu on the left, select Load Data > API Tokens.

Create a token in the InfluxDB UI

Create an all-access token

  1. From the API Tokens management page, click the Generate API Token button.
  2. Select All Access API Token.

Create a custom token

  1. From the API Tokens management page, click the Generate API Token button.
  2. Select Custom API Token.
  3. When the Generate a Personal API Token window appears, enter a description. If you don’t provide a description for the token, InfluxDB will generate a description from the permissions you assign. For example, if you select Read for a bucket named “_monitoring” and Write for a bucket named “_tasks”, InfluxDB will generate the description “Read buckets _monitoring Write buckets _tasks”.
  4. Select the check boxes in the Read and Write columns to assign access permissions for the token. You can enable access to all buckets, individual buckets, Telegraf configurations, and other InfluxDB resources. By default, the new token has no access permissions.
  5. When you’re finished, click Generate.
  6. When InfluxDB displays the token value, click Copy to Clipboard. This is your only chance to access and copy the token value from InfluxDB.
  7. (Optional) Store the API token value in a secure password vault.

Clone a token

To create a token with the same authorizations as an existing token, clone the existing token.

  1. From the API Tokens management page, find the token you want to clone and click the icon located far right of the token description.
  2. Select Clone.
  3. When InfluxDB UI displays the created token, click Copy to Clipboard. This is your only chance to access and copy the token value from InfluxDB.
  4. (Optional) Store the API token value in a secure password vault.

Create a token using the influx CLI

Use the influx auth create command to create a token. Include flags with the command to grant specific permissions to the token. See the available flags. Only tokens with the write: authorizations permission can create tokens.

# Syntax
influx auth create -o <org-name> [permission-flags]

Examples

Create an all-access token

Create an All-Access token to grant permissions to all resources in an organization.

influx auth create \
  --org my-org \
  --all-access

Create a token with specified permissions

Create a token with specified read permissions
influx auth create \
  --org my-org \
  --read-bucket 03a2bbf46309a000 \
  --read-bucket 3a87c03ace269000 \
  --read-dashboards \
  --read-tasks \
  --read-telegrafs \
  --read-user
Create a token scoped to a user and with specified read and write permissions
influx auth create       \
  --org ORG_NAME         \
  --user USERNAME        \
  --read-authorizations  \
  --write-authorizations \
  --read-buckets         \
  --write-buckets        \
  --read-dashboards      \
  --write-dashboards     \
  --read-tasks           \
  --write-tasks          \
  --read-telegrafs       \
  --write-telegrafs      \
  --read-users           \
  --write-users

See the influx auth create documentation for information about other available flags.

Create a token using the InfluxDB API

Use the /api/v2/authorizations InfluxDB API endpoint to create a token.

POST http://localhost:8086/api/v2/authorizations

Include the following in your request:

Requirement Include by
API token with the write: authorizations permission Use the Authorization header and the Token scheme.
Organization Pass as orgID in the request body.
Permissions list Pass as a permissions array in the request body.
INFLUX_ORG_ID=YOUR_ORG_ID
INFLUX_TOKEN=YOUR_API_TOKEN

curl -v --request POST \
  http://localhost:8086/api/v2/authorizations \
  --header "Authorization: Token ${INFLUX_TOKEN}" \
  --header 'Content-type: application/json' \
  --data '{
  "status": "active",
  "description": "iot-center-device",
  "orgID": "'"${INFLUX_ORG_ID}"'",
  "permissions": [
    {
      "action": "read",
      "resource": {
        "orgID": "'"${INFLUX_ORG_ID}"'",
        "type": "authorizations"
      }
    },
    {
      "action": "read",
      "resource": {
        "orgID": "'"${INFLUX_ORG_ID}"'",
        "type": "buckets"
      }
    },
    {
      "action": "write",
      "resource": {
        "orgID": "'"${INFLUX_ORG_ID}"'",
        "type": "buckets",
        "name": "iot-center" 
      }
    }
  ]
}'

Create a token scoped to a user

To scope a token to a user other than the token creator, pass the userID property in the request body.

######################################################
# The example below uses common command-line tools 
# `curl`, `jq` with the InfluxDB API to do the following:
# 1. Create a user.
# 2. Find the new or existing user by name.
# 3. If the user exists:
#   a. Build an authorization object with the user ID.
#   b. Create the new authorization.
#   c. Return the new token.
######################################################

INFLUX_ORG_ID=YOUR_ORG_ID
INFLUX_TOKEN=YOUR_API_TOKEN

function create_token_with_user() {
  curl --request POST \
    "http://localhost:8086/api/v2/users/" \
    --header "Authorization: Token ${INFLUX_TOKEN}" \
    --header 'Content-type: application/json' \
    --data "{\"name\": \"$1\"}"
  
  curl --request GET \
    "http://localhost:8086/api/v2/users?name=$1" \
    --header "Authorization: Token ${INFLUX_TOKEN}" \
    --header 'Content-type: application/json' | \
  
  jq --arg USER $1 '.users[0] // error("User missing")
    | {
        "orgID": "'"${INFLUX_ORG_ID}"'",
        "userID": .id,
        "description": $USER,
        "permissions": [
           {"action": "read", "resource": {"type": "buckets"}}
         ]
      }' | \
  
  curl --request POST \
    "http://localhost:8086/api/v2/authorizations" \
    --header "Authorization: Token ${INFLUX_TOKEN}" \
    --header 'Content-type: application/json' \
    --data @- | \
  
  jq '.token'
}

create_token_with_user 'iot_user_1'

See the POST /api/v2/authorizations documentation for more information about options.


Was this page helpful?

Thank you for your feedback!


Introducing InfluxDB Clustered

A highly available InfluxDB 3.0 cluster on your own infrastructure.

InfluxDB Clustered is a highly available InfluxDB 3.0 cluster built for high write and query workloads on your own infrastructure.

InfluxDB Clustered is currently in limited availability and is only available to a limited group of InfluxData customers. If interested in being part of the limited access group, please contact the InfluxData Sales team.

Learn more
Contact InfluxData Sales

The future of Flux

Flux is going into maintenance mode. You can continue using it as you currently are without any changes to your code.

Flux is going into maintenance mode and will not be supported in InfluxDB 3.0. This was a decision based on the broad demand for SQL and the continued growth and adoption of InfluxQL. We are continuing to support Flux for users in 1.x and 2.x so you can continue using it with no changes to your code. If you are interested in transitioning to InfluxDB 3.0 and want to future-proof your code, we suggest using InfluxQL.

For information about the future of Flux, see the following:

InfluxDB Cloud powered by TSM