2016-11-24 03:16:24 -06:00
|
|
|
|
+++
|
|
|
|
|
title = "Authentication HTTP API "
|
|
|
|
|
description = "Grafana Authentication HTTP API"
|
|
|
|
|
keywords = ["grafana", "http", "documentation", "api", "authentication"]
|
|
|
|
|
aliases = ["/http_api/authentication/"]
|
|
|
|
|
type = "docs"
|
|
|
|
|
[menu.docs]
|
|
|
|
|
name = "Authentication"
|
|
|
|
|
parent = "http_api"
|
|
|
|
|
+++
|
2016-02-03 00:59:22 -06:00
|
|
|
|
|
2016-02-05 03:15:09 -06:00
|
|
|
|
# Authentication API
|
2016-02-03 00:59:22 -06:00
|
|
|
|
|
2016-02-05 03:15:09 -06:00
|
|
|
|
## Tokens
|
2016-02-03 00:59:22 -06:00
|
|
|
|
|
|
|
|
|
Currently you can authenticate via an `API Token` or via a `Session cookie` (acquired using regular login or oauth).
|
|
|
|
|
|
2016-02-05 03:15:09 -06:00
|
|
|
|
## Basic Auth
|
2016-02-03 00:59:22 -06:00
|
|
|
|
|
|
|
|
|
If basic auth is enabled (it is enabled by default) you can authenticate your HTTP request via
|
2016-12-13 02:15:52 -06:00
|
|
|
|
standard basic auth. Basic auth will also authenticate LDAP users.
|
2016-02-03 00:59:22 -06:00
|
|
|
|
|
|
|
|
|
curl example:
|
2017-10-05 12:01:03 -05:00
|
|
|
|
```bash
|
2016-02-03 00:59:22 -06:00
|
|
|
|
?curl http://admin:admin@localhost:3000/api/org
|
|
|
|
|
{"id":1,"name":"Main Org."}
|
|
|
|
|
```
|
|
|
|
|
|
2016-02-05 03:15:09 -06:00
|
|
|
|
## Create API Token
|
2016-02-03 00:59:22 -06:00
|
|
|
|
|
|
|
|
|
Open the sidemenu and click the organization dropdown and select the `API Keys` option.
|
|
|
|
|
|
2017-02-07 00:48:01 -06:00
|
|
|
|
![](/img/docs/v2/orgdropdown_api_keys.png)
|
2016-02-03 00:59:22 -06:00
|
|
|
|
|
|
|
|
|
You use the token in all requests in the `Authorization` header, like this:
|
|
|
|
|
|
|
|
|
|
**Example**:
|
|
|
|
|
|
2017-10-05 12:01:03 -05:00
|
|
|
|
```http
|
|
|
|
|
GET http://your.grafana.com/api/dashboards/db/mydash HTTP/1.1
|
|
|
|
|
Accept: application/json
|
|
|
|
|
Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk
|
|
|
|
|
```
|
2016-02-03 00:59:22 -06:00
|
|
|
|
|
2016-02-05 03:15:09 -06:00
|
|
|
|
The `Authorization` header value should be `Bearer <your api key>`.
|
2017-04-20 06:59:36 -05:00
|
|
|
|
|
|
|
|
|
# Auth HTTP resources / actions
|
|
|
|
|
|
|
|
|
|
## Api Keys
|
|
|
|
|
|
|
|
|
|
`GET /api/auth/keys`
|
|
|
|
|
|
|
|
|
|
**Example Request**:
|
|
|
|
|
|
2017-10-05 12:01:03 -05:00
|
|
|
|
```http
|
|
|
|
|
GET /api/auth/keys HTTP/1.1
|
|
|
|
|
Accept: application/json
|
|
|
|
|
Content-Type: application/json
|
|
|
|
|
Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk
|
|
|
|
|
```
|
2017-04-20 06:59:36 -05:00
|
|
|
|
|
|
|
|
|
**Example Response**:
|
|
|
|
|
|
2017-10-05 12:01:03 -05:00
|
|
|
|
```http
|
|
|
|
|
HTTP/1.1 200
|
|
|
|
|
Content-Type: application/json
|
|
|
|
|
|
|
|
|
|
[
|
|
|
|
|
{
|
|
|
|
|
"id": 3,
|
|
|
|
|
"name": "API",
|
|
|
|
|
"role": "Admin"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"id": 1,
|
|
|
|
|
"name": "TestAdmin",
|
|
|
|
|
"role": "Admin"
|
|
|
|
|
}
|
|
|
|
|
]
|
|
|
|
|
```
|
2017-04-20 06:59:36 -05:00
|
|
|
|
|
|
|
|
|
## Create API Key
|
|
|
|
|
|
|
|
|
|
`POST /api/auth/keys`
|
|
|
|
|
|
|
|
|
|
**Example Request**:
|
|
|
|
|
|
2017-10-05 12:01:03 -05:00
|
|
|
|
```http
|
|
|
|
|
POST /api/auth/keys HTTP/1.1
|
|
|
|
|
Accept: application/json
|
|
|
|
|
Content-Type: application/json
|
|
|
|
|
Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk
|
2017-04-20 06:59:36 -05:00
|
|
|
|
|
2017-10-05 12:01:03 -05:00
|
|
|
|
{
|
|
|
|
|
"name": "mykey",
|
|
|
|
|
"role": "Admin"
|
|
|
|
|
}
|
|
|
|
|
```
|
2017-04-20 06:59:36 -05:00
|
|
|
|
|
|
|
|
|
JSON Body schema:
|
|
|
|
|
|
|
|
|
|
- **name** – The key name
|
2017-12-13 11:53:42 -06:00
|
|
|
|
- **role** – Sets the access level/Grafana Role for the key. Can be one of the following values: `Viewer`, `Editor` or `Admin`.
|
2017-04-20 06:59:36 -05:00
|
|
|
|
|
|
|
|
|
**Example Response**:
|
|
|
|
|
|
2017-10-05 12:01:03 -05:00
|
|
|
|
```http
|
|
|
|
|
HTTP/1.1 200
|
|
|
|
|
Content-Type: application/json
|
2017-04-20 06:59:36 -05:00
|
|
|
|
|
2017-10-05 12:01:03 -05:00
|
|
|
|
{"name":"mykey","key":"eyJrIjoiWHZiSWd3NzdCYUZnNUtibE9obUpESmE3bzJYNDRIc0UiLCJuIjoibXlrZXkiLCJpZCI6MX1="}
|
|
|
|
|
```
|
2017-04-20 06:59:36 -05:00
|
|
|
|
|
|
|
|
|
## Delete API Key
|
|
|
|
|
|
|
|
|
|
`DELETE /api/auth/keys/:id`
|
|
|
|
|
|
|
|
|
|
**Example Request**:
|
|
|
|
|
|
2017-10-05 12:01:03 -05:00
|
|
|
|
```http
|
|
|
|
|
DELETE /api/auth/keys/3 HTTP/1.1
|
|
|
|
|
Accept: application/json
|
|
|
|
|
Content-Type: application/json
|
|
|
|
|
Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk
|
|
|
|
|
```
|
2017-04-20 06:59:36 -05:00
|
|
|
|
**Example Response**:
|
|
|
|
|
|
2017-10-05 12:01:03 -05:00
|
|
|
|
```http
|
|
|
|
|
HTTP/1.1 200
|
|
|
|
|
Content-Type: application/json
|
2017-04-20 06:59:36 -05:00
|
|
|
|
|
2017-10-05 12:01:03 -05:00
|
|
|
|
{"message":"API key deleted"}
|
|
|
|
|
```
|