IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-12 00:25:46 -06:00
Code Issues Packages Projects Releases Wiki Activity
75bf31b5c7
grafana/docs/sources/http_api/auth.md
Sofia Papagiannaki dc9ec7dc91
Auth: Allow expiration of API keys (#17678) 
* Modify backend to allow expiration of API Keys

* Add middleware test for expired api keys

* Modify frontend to enable expiration of API Keys

* Fix frontend tests

* Fix migration and add index for `expires` field

* Add api key tests for database access

* Substitude time.Now() by a mock for test usage

* Front-end modifications

* Change input label to `Time to live`
* Change input behavior to comply with the other similar
* Add tooltip

* Modify AddApiKey api call response

Expiration should be *time.Time instead of string

* Present expiration date in the selected timezone

* Use kbn for transforming intervals to seconds

* Use `assert` library for tests

* Frontend fixes

Add checks for empty/undefined/null values

* Change expires column from datetime to integer

* Restrict api key duration input

It should be interval not number

* AddApiKey must complain if SecondsToLive is negative

* Declare ErrInvalidApiKeyExpiration

* Move configuration to auth section

* Update docs

* Eliminate alias for models in modified files

* Omit expiration from api response if empty

* Eliminate Goconvey from test file

* Fix test

Do not sleep, use mocked timeNow() instead

* Remove index for expires from api_key table

The index should be anyway on both org_id and expires fields.
However this commit eliminates completely the index for now
since not many rows are expected to be in this table.

* Use getTimeZone function

* Minor change in api key listing

The frontend should display a message instead of empty string
if the key does not expire.
2019-06-26 09:47:03 +03:00

3.4 KiB
Raw Blame History

+++ title = "Authentication HTTP API " description = "Grafana Authentication HTTP API" keywords = ["grafana", "http", "documentation", "api", "authentication"] aliases = ["/http_api/authentication/"] type = "docs" [menu.docs] name = "Authentication HTTP API" parent = "http_api" +++

Authentication API

Tokens

Currently you can authenticate via an API Token or via a Session cookie (acquired using regular login or oauth).

Basic Auth

If basic auth is enabled (it is enabled by default) you can authenticate your HTTP request via standard basic auth. Basic auth will also authenticate LDAP users.

curl example:

?curl http://admin:admin@localhost:3000/api/org
{"id":1,"name":"Main Org."}

Create API Token

Open the sidemenu and click the organization dropdown and select the API Keys option.

You use the token in all requests in the Authorization header, like this:

Example:

GET http://your.grafana.com/api/dashboards/db/mydash HTTP/1.1
Accept: application/json
Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk

The Authorization header value should be Bearer <your api key>.

The API Token can also be passed as a Basic authorization password with the special username api_key:

curl example:

?curl http://api_key:eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk@localhost:3000/api/org
{"id":1,"name":"Main Org."}

Auth HTTP resources / actions

Api Keys

GET /api/auth/keys

Example Request:

GET /api/auth/keys HTTP/1.1
Accept: application/json
Content-Type: application/json
Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk

Example Response:

HTTP/1.1 200
Content-Type: application/json

[
  {
    "id": 3,
    "name": "API",
    "role": "Admin"
  },
  {
    "id": 1,
    "name": "TestAdmin",
    "role": "Admin",
    "expiration": "2019-06-26T10:52:03+03:00"
  }
]

Create API Key

POST /api/auth/keys

Example Request:

POST /api/auth/keys HTTP/1.1
Accept: application/json
Content-Type: application/json
Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk

{
  "name": "mykey",
  "role": "Admin",
  "secondsToLive": 86400
}

JSON Body schema:

  • name The key name
  • role Sets the access level/Grafana Role for the key. Can be one of the following values: Viewer, Editor or Admin.
  • secondsToLive Sets the key expiration in seconds. It is optional. If it is a positive number an expiration date for the key is set. If it is null, zero or is omitted completely (unless api_key_max_seconds_to_live configuration option is set) the key will never expire.

Error statuses:

  • 400 api_key_max_seconds_to_live is set but no secondsToLive is specified or secondsToLive is greater than this value.
  • 500 The key was unable to be stored in the database.

Example Response:

HTTP/1.1 200
Content-Type: application/json

{"name":"mykey","key":"eyJrIjoiWHZiSWd3NzdCYUZnNUtibE9obUpESmE3bzJYNDRIc0UiLCJuIjoibXlrZXkiLCJpZCI6MX1="}

Delete API Key

DELETE /api/auth/keys/:id

Example Request:

DELETE /api/auth/keys/3 HTTP/1.1
Accept: application/json
Content-Type: application/json
Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk

Example Response:

HTTP/1.1 200
Content-Type: application/json

{"message":"API key deleted"}