Select your cookie preferences

We use essential cookies and similar tools that are necessary to provide our site and services. We use performance cookies to collect anonymous statistics, so we can understand how customers use our site and make improvements. Essential cookies cannot be deactivated, but you can choose “Customize” or “Decline” to decline performance cookies.

If you agree, AWS and approved third parties will also use cookies to provide useful site features, remember your preferences, and display relevant content, including relevant advertising. To accept or decline all non-essential cookies, choose “Accept” or “Decline.” To make more detailed choices, choose “Customize.”

Authentication API

Focus mode
Authentication API - Amazon Managed Grafana

Use the Authentication API to work with authentication keys in an Amazon Managed Grafana workspace.

Note

To use a Grafana API with your Amazon Managed Grafana workspace, you must have a valid Grafana API token. You include this in the Authorization field in the API request. For information about how to create a token to authenticate your API calls, see Authenticate with tokens.

Get API keys

GET /api/auth/keys

Example request

GET /api/auth/keys HTTP/1.1 Accept: application/json Content-Type: application/json Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk

Query parameter:

  • includeExpired— (Optional) Boolean parameter that specifies whether to include expired keys in the returned results. The default is false.

Example response

HTTP/1.1 200 Content-Type: application/json [ {"id": 3,"name": "API","role": "Admin"}, {"id": 1,"name": "TestAdmin","role": "Admin","expiration": "2019-06-26T10:52:03+03:00"} ]

Create API key

POST /api/auth/keys

Example request

POST /api/auth/keys HTTP/1.1 Accept: application/json Content-Type: application/json Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk { "name": "mykey", "role": "Admin", "secondsToLive": 86400 }

JSON body schema:

  • name— The name for the key.

  • role— Sets the access level (Grafana role) for the key. Valid values are Admin, Editor, or Viewer.

  • secondsToLive— Sets the amount of time before the key expires. It must be 2592000 (30 days) or less.

Example response

{"name":"mykey","key":"eyJrIjoiWHZiSWd3NzdCYUZnNUtibE9obUpESmE3bzJYNDRIc0UiLCJuIjoibXlrZXkiLCJpZCI6MX1=","id":1}

Error statuses:

  • 400secondsToLive is greater than 2592000

  • 500— The key couldn't be stored in the database.

Delete API key

DELETE /api/auth/keys/:id

Example request

DELETE /api/auth/keys/3 HTTP/1.1 Accept: application/json Content-Type: application/json Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk

Example response

HTTP/1.1 200 Content-Type: application/json {"message":"API key deleted"}

On this page

PrivacySite termsCookie preferences
© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.