grafana/docs/sources/http_api/auth.md

+++
title = "Authentication HTTP API "
description = "Grafana Authentication HTTP API"
keywords = ["grafana", "http", "documentation", "api", "authentication"]
aliases = ["/http_api/authentication/"]
type = "docs"
[menu.docs]
name = "Authentication"
parent = "http_api"
+++

# Authentication API

## Tokens

Currently you can authenticate via an `API Token` or via a `Session cookie` (acquired using regular login or oauth).

## Basic Auth

If basic auth is enabled (it is enabled by default) you can authenticate your HTTP request via
standard basic auth. Basic auth will also authenticate LDAP users.

curl example:
```
?curl http://admin:admin@localhost:3000/api/org
{"id":1,"name":"Main Org."}
```

## Create API Token

Open the sidemenu and click the organization dropdown and select the `API Keys` option.

![](/img/docs/v2/orgdropdown_api_keys.png)

You use the token in all requests in the `Authorization` header, like this:

**Example**:

    GET http://your.grafana.com/api/dashboards/db/mydash HTTP/1.1
    Accept: application/json
    Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk

The `Authorization` header value should be `Bearer <your api key>`.

# Auth HTTP resources / actions

## Api Keys

`GET /api/auth/keys`

**Example Request**:

    GET /api/auth/keys HTTP/1.1
    Accept: application/json
    Content-Type: application/json
    Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk

**Example Response**:

    HTTP/1.1 200
    Content-Type: application/json

    [
      {
        "id": 3,
        "name": "API",
        "role": "Admin"
      },
      {
        "id": 1,
        "name": "TestAdmin",
        "role": "Admin"
      }
    ]

## Create API Key

`POST /api/auth/keys`

**Example Request**:

    POST /api/auth/keys HTTP/1.1
    Accept: application/json
    Content-Type: application/json
    Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk

    {
      "name": "mykey",
      "role": "Admin"
    }

JSON Body schema:

- **name** – The key name
- **role** – Sets the access level/Grafana Role for the key. Can be one of the following values: `Viewer`, `Editor`, `Read Only Editor` or `Admin`.

**Example Response**:

    HTTP/1.1 200
    Content-Type: application/json

    {"name":"mykey","key":"eyJrIjoiWHZiSWd3NzdCYUZnNUtibE9obUpESmE3bzJYNDRIc0UiLCJuIjoibXlrZXkiLCJpZCI6MX1="}

## Delete API Key

`DELETE /api/auth/keys/:id`

**Example Request**:

    DELETE /api/auth/keys/3 HTTP/1.1
    Accept: application/json
    Content-Type: application/json
    Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk

**Example Response**:

    HTTP/1.1 200
    Content-Type: application/json

    {"message":"API key deleted"}
-												docs(http_api): convert to new docs format

											
										
										
											2016-11-24 03:16:24 -06:00
+								+++
 								title = "Authentication HTTP API "
 								description = "Grafana Authentication HTTP API"
 								keywords = ["grafana", "http", "documentation", "api", "authentication"]
 								aliases = ["/http_api/authentication/"]
 								type = "docs"
 								[menu.docs]
 								name = "Authentication"
 								parent = "http_api"
 								+++
-												Arranged http_api docs in a better way

											
										
										
											2016-02-03 00:59:22 -06:00
-												Added api heading in the main menu

											
										
										
											2016-02-05 03:15:09 -06:00
+								# Authentication API
-												Arranged http_api docs in a better way

											
										
										
											2016-02-03 00:59:22 -06:00
-												Added api heading in the main menu

											
										
										
											2016-02-05 03:15:09 -06:00
+								## Tokens
-												Arranged http_api docs in a better way

											
										
										
											2016-02-03 00:59:22 -06:00
 								Currently you can authenticate via an `API Token` or via a `Session cookie` (acquired using regular login or oauth).
-												Added api heading in the main menu

											
										
										
											2016-02-05 03:15:09 -06:00
+								## Basic Auth
-												Arranged http_api docs in a better way

											
										
										
											2016-02-03 00:59:22 -06:00
 								If basic auth is enabled (it is enabled by default) you can authenticate your HTTP request via
-												Basic Auth now supports LDAP username and password (#6940)


											
										
										
											2016-12-13 02:15:52 -06:00
+								standard basic auth. Basic auth will also authenticate LDAP users.
-												Arranged http_api docs in a better way

											
										
										
											2016-02-03 00:59:22 -06:00
 								curl example:
 								```
 								?curl http://admin:admin@localhost:3000/api/org
 								{"id":1,"name":"Main Org."}
 								```
-												Added api heading in the main menu

											
										
										
											2016-02-05 03:15:09 -06:00
+								## Create API Token
-												Arranged http_api docs in a better way

											
										
										
											2016-02-03 00:59:22 -06:00
 								Open the sidemenu and click the organization dropdown and select the `API Keys` option.
-												Docs for developing plugins (#7475)

* docs(plugins): new developing plugins section

Creates new section called Developing Plugins in
the plugin section of the docs.

1. Some changes to the Development guide page
2. Converted defaults/editor mode blog post
to new page
3. Converted snapshots blog post to new page
4. Adds new code styleguide page
5. Updates to apps and datasources pages
6. Adds plugin.json schema

* docs(links): fixes broken links

Fixes broken links to other pages as
well as broken image links.

											
										
										
											2017-02-07 00:48:01 -06:00
+								![](/img/docs/v2/orgdropdown_api_keys.png)
-												Arranged http_api docs in a better way

											
										
										
											2016-02-03 00:59:22 -06:00
 								You use the token in all requests in the `Authorization` header, like this:
 								**Example**:
 								    GET http://your.grafana.com/api/dashboards/db/mydash HTTP/1.1
 								    Accept: application/json
 								    Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk
-												Added api heading in the main menu

											
										
										
											2016-02-05 03:15:09 -06:00
+								The `Authorization` header value should be `Bearer <your api key>`.
-												docs: document API calls for /auth/keys

											
										
										
											2017-04-20 06:59:36 -05:00
 								# Auth HTTP resources / actions
 								## Api Keys
 								`GET /api/auth/keys`
 								**Example Request**:
 								    GET /api/auth/keys HTTP/1.1
 								    Accept: application/json
 								    Content-Type: application/json
 								    Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk
 								**Example Response**:
 								    HTTP/1.1 200
 								    Content-Type: application/json
 								    [
 								      {
 								        "id": 3,
 								        "name": "API",
 								        "role": "Admin"
 								      },
 								      {
 								        "id": 1,
 								        "name": "TestAdmin",
 								        "role": "Admin"
 								      }
 								    ]
 								## Create API Key
 								`POST /api/auth/keys`
 								**Example Request**:
 								    POST /api/auth/keys HTTP/1.1
 								    Accept: application/json
 								    Content-Type: application/json
 								    Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk
 								    {
 								      "name": "mykey",
 								      "role": "Admin"
 								    }
 								JSON Body schema:
 								- **name** – The key name
 								- **role** – Sets the access level/Grafana Role for the key. Can be one of the following values: `Viewer`, `Editor`, `Read Only Editor` or `Admin`.
 								**Example Response**:
 								    HTTP/1.1 200
 								    Content-Type: application/json
 								    {"name":"mykey","key":"eyJrIjoiWHZiSWd3NzdCYUZnNUtibE9obUpESmE3bzJYNDRIc0UiLCJuIjoibXlrZXkiLCJpZCI6MX1="}
 								## Delete API Key
 								`DELETE /api/auth/keys/:id`
 								**Example Request**:
 								    DELETE /api/auth/keys/3 HTTP/1.1
 								    Accept: application/json
 								    Content-Type: application/json
 								    Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk
 								**Example Response**:
 								    HTTP/1.1 200
 								    Content-Type: application/json
 								    {"message":"API key deleted"}