Authentication API

The Grafana API supports multiple authentication methods for secure access to API endpoints.

Authentication Methods

Grafana supports the following authentication methods:
  1. Basic Authentication - Username and password
  2. API Keys - Token-based authentication
  3. Session Cookies - Browser-based authentication

Basic Authentication

Use HTTP Basic Authentication with your Grafana username and password:
curl -u admin:admin http://localhost:3000/api/org

Security Definitions

basic (type: basic) - HTTP Basic Authentication using username and password

API Key Authentication

API keys provide a secure way to authenticate API requests without exposing user credentials.

Security Definitions

api_key (type: apiKey) - API Key authentication
Location: Header
Name: Authorization
Format: Bearer <api-key>

Using API Keys

Include the API key in the Authorization header:
curl -H "Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk" \
  http://localhost:3000/api/org

Session Authentication

Login

curl -X POST http://localhost:3000/api/login \
  -H "Content-Type: application/json" \
  -d '{
    "user": "admin",
    "password": "admin"
  }'

Request body fields:
user (string, required) - Username or email address
password (string, required) - User password

Response fields:
message (string) - Login success message

Logout

curl -X GET http://localhost:3000/api/logout
Logs out the current user and clears the session cookie.

User Auth Tokens

Get Auth Tokens

Get all auth tokens for the current user.
curl -X GET http://localhost:3000/api/user/auth-tokens \
  -u admin:admin

Response fields:
id (integer) - Token ID
isActive (boolean) - Whether the token is currently active
clientIp (string) - IP address of the client
createdAt (string) - Token creation timestamp (ISO 8601)

Revoke Auth Token

Revoke a specific auth token.
curl -X POST http://localhost:3000/api/user/revoke-auth-token \
  -u admin:admin \
  -H "Content-Type: application/json" \
  -d '{
    "authTokenId": 1
  }'

Request body fields:
authTokenId (integer, required) - ID of the auth token to revoke
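
An added example (not part of the Grafana documentation): a session audit built on the two endpoints above. It flags tokens whose clientIp falls outside an allowed network or whose createdAt is older than a limit, then builds the revoke request for each one without sending it. The sample response, the 10.0.0.0/8 network, the 30-day limit, the host grafana.example and the function names are assumptions.

```python
import base64
import ipaddress
import json
import urllib.request
from datetime import datetime, timedelta

# Constructed sample of a GET /api/user/auth-tokens response, limited to the
# fields documented above. Addresses are private or documentation ranges.
SAMPLE_TOKENS = json.loads("""[
 {"id": 1, "isActive": true,  "clientIp": "10.0.4.17",    "createdAt": "2024-05-28T09:12:00Z"},
 {"id": 2, "isActive": false, "clientIp": "10.0.4.22",    "createdAt": "2024-01-03T14:40:00Z"},
 {"id": 3, "isActive": false, "clientIp": "203.0.113.50", "createdAt": "2024-05-30T02:05:00Z"},
 {"id": 4, "isActive": false, "clientIp": "198.51.100.7", "createdAt": "2023-12-01T00:00:00Z"}
]""")

def parse_ts(value):
    # datetime.fromisoformat() rejects a trailing "Z" before Python 3.11.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

SAMPLE_NOW = parse_ts("2024-06-01T00:00:00Z")  # constructed "current time"

def tokens_to_revoke(tokens, allowed_nets, max_age_days, now):
    """Return [(token id, [reasons])] for tokens that violate the policy."""
    nets = [ipaddress.ip_network(n) for n in allowed_nets]
    flagged = []
    for tok in tokens:
        reasons = []
        ip = ipaddress.ip_address(tok["clientIp"])
        if not any(ip in net for net in nets):
            reasons.append("clientIp outside allowed networks")
        if now - parse_ts(tok["createdAt"]) > timedelta(days=max_age_days):
            reasons.append(f"older than {max_age_days} days")
        if reasons:
            flagged.append((tok["id"], reasons))
    return flagged

def revoke_request(base_url, token_id, user, password):
    """Build (without sending) the POST /api/user/revoke-auth-token call."""
    cred = base64.b64encode(f"{user}:{password}".encode()).decode()
    return urllib.request.Request(
        f"{base_url}/api/user/revoke-auth-token",
        data=json.dumps({"authTokenId": token_id}).encode(),
        headers={"Content-Type": "application/json", "Authorization": f"Basic {cred}"},
        method="POST")

if __name__ == "__main__":
    for tid, why in tokens_to_revoke(SAMPLE_TOKENS, ["10.0.0.0/8"], 30, SAMPLE_NOW):
        req = revoke_request("https://grafana.example", tid, "USER", "PASSWORD")
        print(tid, why, req.get_method(), req.full_url)
```

To apply the result, pass each built request to urllib.request.urlopen() against your own Grafana base URL and credentials.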

Rotate Auth Token

Rotate the current auth token.
curl -X POST http://localhost:3000/api/user/auth-tokens/rotate \
  -u admin:admin

Authentication Errors

401 Unauthorized

Returned when authentication credentials are missing or invalid.
{
  "message": "Unauthorized"
}

403 Forbidden

Returned when the authenticated user lacks permission for the requested resource.
{
  "message": "Permission denied"
}