Authentication


Infinity datasource supports following authentication methods

  • No Authentication
  • Basic authentication
  • Bearer token authentication
  • API Key authentication
  • Digest authentication
  • OAuth passthrough
  • OAuth2 client credentials
  • OAuth2 JWT authentication
  • Azure authentication
  • Azure blob storage key
  • AWS authentication

No Authentication#

If your APIs doesn't require any authentication, select No Authentication method.

Basic Authentication#

Basic authentication sends a username and password with your request. In the request Headers, the Authorization header will be sent in the Basic <Base64 encoded username and password> format.

Bearer Token Authentication#

Bearer token enable requests to authenticate using an access key, such as a JSON Web Token (JWT), personal access token. In the request Headers, the Authorization header will be sent in the Bearer <Your API key> format.

If you need a custom prefix instead of Bearer prefix, use API Key authentication instead with the key of Authorization.

API Key Authentication#

With API key authentication, you can send a key-value pair to the API via request header or query parameter. API Key authentication requires following parameters

KeyDescription
KeyKey of the API token. This wll be key of the header or query parameter.
ValueValue of the API token
InAccepts header/query. Most APIs accept API keys via headers which is preferred way of sending api keys. Sending API keys via the query parameter is not suggested way.

Most often, users got confused with API key authentication with bearer token authentication. So just double check, you are using the correct auth mechanism.

Digest Authentication#

Digest authentication enable requests to authenticate using RFC7616 HTTP Digest Access Authentication protocol.

OAuth Passthrough#

If grafana user is already authenticated via OAuth, this authentication method will forward the oauth tokens to the API.

OAuth2 Client Credentials Authentication#

OAuth2 Client credentials require the following parameters

KeyDescription
Client IDClientID is the application's ID
Client SecretClientSecret is the application's secret.
Token URLTokenURL is the resource server's token endpoint URL. This is a constant specific to each server.
ScopesScope specifies optional requested permissions.
Endpoint paramsEndpointParams specifies additional parameters for requests to the token endpoint.

OAuth2 JWT Authentication#

OAuth2 JWT require the following parameters

KeyDescription
EmailEmail is the OAuth client identifier used when communicating with the configured OAuth provider
Private KeyPrivateKey contains the contents of an RSA private key or the contents of a PEM file that contains a privatekey
Private Key IdentifierOptional. PrivateKeyID contains an optional hint indicating which key is being used
Token URLTokenURL is the endpoint required to complete the 2-legged JWT flow
SubjectOptional. Subject is the optional user to impersonate
ScopesScopes optionally specifies a list of requested permission scopes. Provide scopes as a comma separated values

Azure Authentication#

If you want to authenticate your API endpoints via microsoft azure authentication, refer steps given here.

Azure Blob Storage key#

To retrieve content from azure blob storage, you need to provide the following information

  • Azure storage account name
  • Azure storage account key ( either primary key or secondary key)

AWS Authentication#

If you want to authenticate your API endpoints via amazon aws authentication, refer steps given here.