IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity
e1909fe74b
grafana/docs/sources/developers/http_api/admin.md
Joan López de la Franca Beltran e43879e55d
Encryption: Add support for multiple data keys per day (#47765) 
* Add database migrations

* Use short uids as data key ids

* Add support for manual data key rotation

* Fix duplicated mutex unlocks

* Fix migration

* Manage current data keys per name

* Adjust key re-encryption and test

* Modify rename column migration for MySQL compatibility

* Refactor secrets manager and data keys cache

* Multiple o11y adjustments

* Fix stats query

* Apply suggestions from code review

Co-authored-by: Tania <yalyna.ts@gmail.com>

* Fix linter

* Docs: Rotate data encryption keys API endpoint

Co-authored-by: Tania <yalyna.ts@gmail.com>
2022-05-23 13:13:55 +02:00

732 lines
17 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

+++
aliases = ["/docs/grafana/latest/developers/http_api/admin/", "/docs/grafana/latest/http_api/admin/"]
description = "Grafana Admin HTTP API"
keywords = ["grafana", "http", "documentation", "api", "admin"]
title = "Admin HTTP API "
+++
# Admin API
The Admin HTTP API does not currently work with an API Token. API Tokens are currently only linked to an organization and an organization role. They cannot be given
the permission of server admin, only users can be given that permission. So in order to use these API calls you will have to use Basic Auth and the Grafana user
must have the Grafana Admin permission. (The default admin user is called `admin` and has permission to use this API.)
> If you are running Grafana Enterprise, for some endpoints you'll need to have specific permissions. Refer to [Role-based access control permissions]({{< relref "../../enterprise/access-control/custom-role-actions-scopes" >}}) for more information.
## Fetch settings
`GET /api/admin/settings`
Only works with Basic Authentication (username and password). See [introduction](http://docs.grafana.org/http_api/admin/#admin-api) for an explanation.
**Required permissions**
See note in the [introduction]({{< ref "#admin-api" >}}) for an explanation.
| Action | Scope |
| ------------- | ----------------------------------------------------------------------------------- |
| settings:read | settings:\*_<br>settings:auth.saml:_<br>settings:auth.saml:enabled (property level) |
**Example Request**:
```http
GET /api/admin/settings
Accept: application/json
Content-Type: application/json
```
**Example Response**:
```http
HTTP/1.1 200
Content-Type: application/json
```
## Update settings
`PUT /api/admin/settings`
> **Note:** Available in Grafana Enterprise v8.0+.
Updates / removes and reloads database settings. You must provide either `updates`, `removals` or both.
This endpoint only supports changes to `auth.saml` configuration.
**Required permissions**
See note in the [introduction]({{< ref "#admin-api" >}}) for an explanation.
| Action | Scope |
| -------------- | ----------------------------------------------------------------------------------- |
| settings:write | settings:\*_<br>settings:auth.saml:_<br>settings:auth.saml:enabled (property level) |
**Example request:**
```http
PUT /api/admin/settings
Accept: application/json
Content-Type: application/json
Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk
{
"updates": {
"auth.saml": {
"enabled": "true"
}
},
"removals": {
"auth.saml": ["single_logout"]
},
}
```
**Example response:**
```http
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 32
```
Status codes:
- **200** - OK
- **400** - Bad Request
- **401** - Unauthorized
- **403** - Forbidden
- **500** - Internal Server Error
## Grafana Stats
`GET /api/admin/stats`
Only works with Basic Authentication (username and password). See [introduction](http://docs.grafana.org/http_api/admin/#admin-api) for an explanation.
**Required permissions**
See note in the [introduction]({{< ref "#admin-api" >}}) for an explanation.
| Action | Scope |
| ----------------- | ----- |
| server.stats:read | n/a |
**Example Request**:
```http
GET /api/admin/stats
Accept: application/json
Content-Type: application/json
```
**Example Response**:
```http
HTTP/1.1 200
Content-Type: application/json
```
## Grafana Usage Report preview
`GET /api/admin/usage-report-preview`
Preview usage report to be sent to vendor.
Only works with Basic Authentication (username and password). See [introduction](http://docs.grafana.org/http_api/admin/#admin-api) for an explanation.
**Example Request**:
```http
GET /api/admin/usage-report-preview
Accept: application/json
Content-Type: application/json
```
**Example Response**:
```http
HTTP/1.1 200
Content-Type: application/json
```
## Global Users
`POST /api/admin/users`
Create new user. Only works with Basic Authentication (username and password). See [introduction](http://docs.grafana.org/http_api/admin/#admin-api) for an explanation.
**Required permissions**
See note in the [introduction]({{< ref "#admin-api" >}}) for an explanation.
| Action | Scope |
| ------------ | ----- |
| users:create | n/a |
**Example Request**:
```http
POST /api/admin/users HTTP/1.1
Accept: application/json
Content-Type: application/json
```
Note that `OrgId` is an optional parameter that can be used to assign a new user to a different organization when [auto_assign_org]({{< relref "../../administration/configuration.md#auto-assign-org" >}}) is set to `true`.
**Example Response**:
```http
HTTP/1.1 200
Content-Type: application/json
```
## Password for User
`PUT /api/admin/users/:id/password`
Only works with Basic Authentication (username and password). See [introduction](http://docs.grafana.org/http_api/admin/#admin-api) for an explanation.
Change password for a specific user.
**Required permissions**
See note in the [introduction]({{< ref "#admin-api" >}}) for an explanation.
| Action | Scope |
| --------------------- | --------------- |
| users.password:update | global.users:\* |
**Example Request**:
```http
PUT /api/admin/users/2/password HTTP/1.1
Accept: application/json
Content-Type: application/json
```
**Example Response**:
```http
HTTP/1.1 200
Content-Type: application/json
```
## Permissions
`PUT /api/admin/users/:id/permissions`
Only works with Basic Authentication (username and password). See [introduction](http://docs.grafana.org/http_api/admin/#admin-api) for an explanation.
**Required permissions**
See note in the [introduction]({{< ref "#admin-api" >}}) for an explanation.
| Action | Scope |
| ------------------------ | --------------- |
| users.permissions:update | global.users:\* |
**Example Request**:
```http
PUT /api/admin/users/2/permissions HTTP/1.1
Accept: application/json
Content-Type: application/json
```
**Example Response**:
```http
HTTP/1.1 200
Content-Type: application/json
```
## Delete global User
`DELETE /api/admin/users/:id`
Only works with Basic Authentication (username and password). See [introduction](http://docs.grafana.org/http_api/admin/#admin-api) for an explanation.
**Required permissions**
See note in the [introduction]({{< ref "#admin-api" >}}) for an explanation.
| Action | Scope |
| ------------ | --------------- |
| users:delete | global.users:\* |
**Example Request**:
```http
DELETE /api/admin/users/2 HTTP/1.1
Accept: application/json
Content-Type: application/json
```
**Example Response**:
```http
HTTP/1.1 200
Content-Type: application/json
```
## Pause all alerts
`POST /api/admin/pause-all-alerts`
Only works with Basic Authentication (username and password). See [introduction](http://docs.grafana.org/http_api/admin/#admin-api) for an explanation.
**Example Request**:
```http
POST /api/admin/pause-all-alerts HTTP/1.1
Accept: application/json
Content-Type: application/json
```
JSON Body schema:
- **paused** If true then all alerts are to be paused, false unpauses all alerts.
**Example Response**:
```http
HTTP/1.1 200
Content-Type: application/json
```
## Auth tokens for User
`GET /api/admin/users/:id/auth-tokens`
Return a list of all auth tokens (devices) that the user currently have logged in from.
Only works with Basic Authentication (username and password). See [introduction](http://docs.grafana.org/http_api/admin/#admin-api) for an explanation.
**Required permissions**
See note in the [introduction]({{< ref "#admin-api" >}}) for an explanation.
| Action | Scope |
| -------------------- | --------------- |
| users.authtoken:list | global.users:\* |
**Example Request**:
```http
GET /api/admin/users/1/auth-tokens HTTP/1.1
Accept: application/json
Content-Type: application/json
```
**Example Response**:
```http
HTTP/1.1 200
Content-Type: application/json
```
## Revoke auth token for User
`POST /api/admin/users/:id/revoke-auth-token`
Revokes the given auth token (device) for the user. User of issued auth token (device) will no longer be logged in
and will be required to authenticate again upon next activity.
Only works with Basic Authentication (username and password). See [introduction](http://docs.grafana.org/http_api/admin/#admin-api) for an explanation.
**Required permissions**
See note in the [introduction]({{< ref "#admin-api" >}}) for an explanation.
| Action | Scope |
| ---------------------- | --------------- |
| users.authtoken:update | global.users:\* |
**Example Request**:
```http
POST /api/admin/users/1/revoke-auth-token HTTP/1.1
Accept: application/json
Content-Type: application/json
```
**Example Response**:
```http
HTTP/1.1 200
Content-Type: application/json
```
## Logout User
`POST /api/admin/users/:id/logout`
Logout user revokes all auth tokens (devices) for the user. User of issued auth tokens (devices) will no longer be logged in
and will be required to authenticate again upon next activity.
Only works with Basic Authentication (username and password). See [introduction](http://docs.grafana.org/http_api/admin/#admin-api) for an explanation.
**Required permissions**
See note in the [introduction]({{< ref "#admin-api" >}}) for an explanation.
| Action | Scope |
| ------------ | --------------- |
| users.logout | global.users:\* |
**Example Request**:
```http
POST /api/admin/users/1/logout HTTP/1.1
Accept: application/json
Content-Type: application/json
```
**Example Response**:
```http
HTTP/1.1 200
Content-Type: application/json
```
## Reload provisioning configurations
`POST /api/admin/provisioning/dashboards/reload`
`POST /api/admin/provisioning/datasources/reload`
`POST /api/admin/provisioning/plugins/reload`
`POST /api/admin/provisioning/notifications/reload`
`POST /api/admin/provisioning/access-control/reload`
Reloads the provisioning config files for specified type and provision entities again. It won't return
until the new provisioned entities are already stored in the database. In case of dashboards, it will stop
polling for changes in dashboard files and then restart it with new configurations after returning.
Only works with Basic Authentication (username and password). See [introduction](http://docs.grafana.org/http_api/admin/#admin-api) for an explanation.
**Required permissions**
See note in the [introduction]({{< ref "#admin-api" >}}) for an explanation.
| Action | Scope | Provision entity |
| ------------------- | -------------------------- | ---------------- |
| provisioning:reload | provisioners:accesscontrol | accesscontrol |
| provisioning:reload | provisioners:dashboards | dashboards |
| provisioning:reload | provisioners:datasources | datasources |
| provisioning:reload | provisioners:plugins | plugins |
| provisioning:reload | provisioners:notifications | notifications |
**Example Request**:
```http
POST /api/admin/provisioning/dashboards/reload HTTP/1.1
Accept: application/json
Content-Type: application/json
```
**Example Response**:
```http
HTTP/1.1 200
Content-Type: application/json
```
## Reload LDAP configuration
`POST /api/admin/ldap/reload`
Reloads the LDAP configuration.
Only works with Basic Authentication (username and password). See [introduction](http://docs.grafana.org/http_api/admin/#admin-api) for an explanation.
**Example Request**:
```http
POST /api/admin/ldap/reload HTTP/1.1
Accept: application/json
Content-Type: application/json
```
**Example Response**:
```http
HTTP/1.1 200
Content-Type: application/json
```
## Rotate data encryption keys
`POST /api/admin/encryption/rotate-data-keys`
Rotates data encryption keys, so all the active keys are disabled
and no longer used for encryption but kept for decryption operations.
Secrets encrypted with one of the deactivated keys need to be re-encrypted
to actually stop using those keys for both encryption and decryption.
**Example Request**:
```http
POST /api/admin/encryption/rotate-data-keys HTTP/1.1
Accept: application/json
Content-Type: application/json
```
**Example Response**:
```http
HTTP/1.1 204
Content-Type: application/json
```
Reference in New Issue View Git Blame Copy Permalink