opensource/grafana
1
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-09-19 22:34:09 +08:00
Code Issues Packages Projects Releases Wiki Activity

Docs: Remove api key references from docs (#106134)

Browse Source 
remove api key references from docs
This commit is contained in:
Mihai Doarna
2025-06-17 18:20:08 +03:00
committed by GitHub
parent 7bae1d9d02
commit 96f1582c36
5 changed files with 2 additions and 307 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs/sources/administration/organization-management/index.md
View File

@ -39,7 +39,7 @@ The following table summarizes the resources you can share and/or isolate using
| Notification channels | Isolate only | | Notification channels | Isolate only |
| Annotations | Isolate only | | Annotations | Isolate only |
| Reports | Isolate only | | Reports | Isolate only |
| API keys | Isolate only | | Service accounts | Isolate only |
| Authentication providers | Share only | | Authentication providers | Share only |
| Configuration settings | Share only | | Configuration settings | Share only |
| Licenses | Share | | Licenses | Share |

2
docs/sources/administration/roles-and-permissions/_index.md
View File

@ -71,7 +71,7 @@ Permissions assigned to a user within an organization control the extent to whic
- plugins - plugins
- annotations - annotations
- library panels - library panels
- API keys - service accounts
For more information about managing organization users, see [User management](../user-management/manage-org-users/). For more information about managing organization users, see [User management](../user-management/manage-org-users/).

135
docs/sources/developers/http_api/auth.md
View File

@ -1,135 +0,0 @@
---
aliases:
- ../../http_api/auth/
- ../../http_api/authentication/
canonical: /docs/grafana/latest/developers/http_api/auth/
description: Grafana Authentication HTTP API
keywords:
- grafana
- http
- documentation
- api
- authentication
labels:
products:
- enterprise
- oss
title: 'Authentication HTTP API '
---
# Authentication API
The Authentication HTTP API is used to manage API keys.
{{% admonition type="note" %}}
Grafana recommends using service accounts instead of API keys. For more information, refer to [Grafana service account API reference](../serviceaccount/).
{{% /admonition %}}
> If you are running Grafana Enterprise, for some endpoints you would need to have relevant permissions. Refer to [Role-based access control permissions](../../../administration/roles-and-permissions/access-control/custom-role-actions-scopes/) for more information.
## List API keys
{{% admonition type="warning" %}}
This endpoint is deprecated.
{{% /admonition %}}
`GET /api/auth/keys`
**Required permissions**
See note in the [introduction](#authentication-api) for an explanation.
| Action | Scope |
| -------------- | ----------- |
| `apikeys:read` | `apikeys:*` |
**Example Request**:
```http
GET /api/auth/keys HTTP/1.1
Accept: application/json
Content-Type: application/json
Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk
```
Query Parameters:
- `includeExpired`: boolean. enable listing of expired keys. Optional.
**Example Response**:
```http
HTTP/1.1 200
Content-Type: application/json
```
## Create API Key
{{% admonition type="warning" %}}
This endpoint has been made obsolete in Grafana 11.3.0.
{{% /admonition %}}
Endpoint is obsolete and has been moved to [Grafana service account API](../serviceaccount/). For more information, refer to [Migrate to Grafana service account API](/docs/grafana/<GRAFANA_VERSION>/administration/service-accounts/migrate-api-keys/).
`POST /api/auth/keys`
**Example Response**:
```http
HTTP/1.1 410
Content-Type: application/json
```
## Delete API Key
{{% admonition type="warning" %}}
### DEPRECATED
{{% /admonition %}}
`DELETE /api/auth/keys/:id`
**Required permissions**
See note in the [introduction](#authentication-api) for an explanation.
| Action | Scope |
| ---------------- | ---------- |
| `apikeys:delete` | apikeys:\* |
**Example Request**:
```http
DELETE /api/auth/keys/3 HTTP/1.1
Accept: application/json
Content-Type: application/json
Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk
```
**Example Response**:
```http
HTTP/1.1 200
Content-Type: application/json
```
```http
DELETE /api/auth/keys/3 HTTP/1.1
Accept: application/json
Content-Type: application/json
Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk
```
**Example Response**:
```http
HTTP/1.1 200
Content-Type: application/json
{"message":"API key deleted"}
```

162
docs/sources/developers/http_api/serviceaccount.md
View File

@ -260,134 +260,6 @@ Content-Type: application/json
**Example Response**: **Example Response**:
```
## Hide the API keys tab
`GET /api/serviceaccounts/hideApiKeys`
**Required permissions**
See note in the [introduction](#service-account-api) for an explanation.
| Action | Scope |
| --------------------- | ------------------ |
| serviceaccounts:write | serviceaccounts:\* |
**Example Request**:
```http
POST /api/serviceaccounts/hideApiKeys HTTP/1.1
Accept: application/json
Content-Type: application/json
Authorization: Basic YWRtaW46YWRtaW4=
```
**Example Response**:
```http
HTTP/1.1 200
Content-Type: application/json
```
## Get service account tokens
`GET /api/serviceaccounts/:id/tokens`
**Required permissions**
See note in the [introduction](#service-account-api) for an explanation.
| Action | Scope |
| -------------------- | --------------------- |
| serviceaccounts:read | serviceaccounts:id:\* |
**Example Request**:
```http
GET /api/serviceaccounts/2/tokens HTTP/1.1
Accept: application/json
Content-Type: application/json
Authorization: Basic YWRtaW46YWRtaW4=
```
**Example Response**:
```http
HTTP/1.1 200
Content-Type: application/json
```
## Create service account tokens
`POST /api/serviceaccounts/:id/tokens`
**Required permissions**
See note in the [introduction](#service-account-api) for an explanation.
| Action | Scope |
| --------------------- | --------------------- |
| serviceaccounts:write | serviceaccounts:id:\* |
**Example Request**:
```http
POST /api/serviceaccounts/2/tokens HTTP/1.1
Accept: application/json
Content-Type: application/json
Authorization: Basic YWRtaW46YWRtaW4=
```
Default value for the `secondsToLive` is 0, which means that the service account token will never expire.
**Example Response**:
```http
HTTP/1.1 200
Content-Type: application/json
```
## Delete service account tokens
`DELETE /api/serviceaccounts/:id/tokens/:tokenId`
**Required permissions**
See note in the [introduction](#service-account-api) for an explanation.
| Action | Scope |
| --------------------- | --------------------- |
| serviceaccounts:write | serviceaccounts:id:\* |
**Example Request**:
```http
DELETE /api/serviceaccounts/2/tokens/1 HTTP/1.1
Accept: application/json
Content-Type: application/json
Authorization: Basic YWRtaW46YWRtaW4=
```
**Example Response**:
```http
HTTP/1.1 200
Content-Type: application/json
```
## Revert service account token to API key
`DELETE /api/serviceaccounts/:serviceAccountId/revert/:keyId`
This operation will delete the service account and create a legacy API Key for the given `keyId`.
```http ```http
HTTP/1.1 200 HTTP/1.1 200
Content-Type: application/json Content-Type: application/json
@ -500,37 +372,3 @@ Content-Type: application/json
"message": "API key deleted" "message": "API key deleted"
} }
``` ```
## Revert service account token to API key
`DELETE /api/serviceaccounts/:serviceAccountId/revert/:keyId`
This operation will delete the service account and create a legacy API Key for the given `keyId`.
**Required permissions**
See note in the [introduction](#service-account-api) for an explanation.
| Action | Scope |
| ---------------------- | --------------------- |
| serviceaccounts:delete | serviceaccounts:id:\* |
**Example Request**:
```http
DELETE /api/serviceaccounts/1/revert/glsa_VVQjot0nijQ59lun6pMZRtsdBXxnFQ9M_77c34a79 HTTP/1.1
Accept: application/json
Content-Type: application/json
Authorization: Basic YWRtaW46YWRtaW4=
```
**Example Response**:
```http
HTTP/1.1 200
Content-Type: application/json
{
"message": "Reverted service account to API key"
}
```

8
docs/sources/setup-grafana/configure-security/planning-iam-strategy/index.md
View File

@ -133,14 +133,6 @@ In Grafana's audit logs it will still show up as the same service account.
Service account access tokens inherit permissions from the service account. Service account access tokens inherit permissions from the service account.
### API keys
{{< admonition type="note" >}}
Grafana recommends using service accounts instead of API keys. API keys will be deprecated in the near future. For more information, refer to [Grafana service accounts](./#service-accounts).
{{< /admonition >}}
You can use Grafana API keys to interact with data sources via HTTP APIs.
## How to work with roles? ## How to work with roles?
Grafana roles control the access of users and service accounts to specific resources and determine their authorized actions. Grafana roles control the access of users and service accounts to specific resources and determine their authorized actions.