Authentication
Infinity datasource supports following authentication methods
- No Authentication
- Basic authentication
- Bearer token authentication
- API Key authentication
- Digest authentication
- OAuth passthrough
- OAuth2 client credentials
- OAuth2 JWT authentication
- Azure authentication
- Azure blob storage key
- AWS authentication
No Authentication#
If your APIs doesn't require any authentication, select No Authentication method.
Basic Authentication#
Basic authentication sends a username and password with your request. In the request Headers, the Authorization header will be sent in the Basic <Base64 encoded username and password> format.
Bearer Token Authentication#
Bearer token enable requests to authenticate using an access key, such as a JSON Web Token (JWT), personal access token. In the request Headers, the Authorization header will be sent in the Bearer <Your API key> format.
If you need a custom prefix instead of Bearer prefix, use API Key authentication instead with the key of Authorization.
API Key Authentication#
With API key authentication, you can send a key-value pair to the API via request header or query parameter. API Key authentication requires following parameters
| Key | Description |
|---|---|
| Key | Key of the API token. This wll be key of the header or query parameter. |
| Value | Value of the API token |
| In | Accepts header/query. Most APIs accept API keys via headers which is preferred way of sending api keys. Sending API keys via the query parameter is not suggested way. |
Most often, users got confused with API key authentication with bearer token authentication. So just double check, you are using the correct auth mechanism.
Digest Authentication#
Digest authentication enable requests to authenticate using RFC7616 HTTP Digest Access Authentication protocol.
OAuth Passthrough#
If grafana user is already authenticated via OAuth, this authentication method will forward the oauth tokens to the API.
OAuth2 Client Credentials Authentication#
OAuth2 Client credentials require the following parameters
| Key | Description |
|---|---|
| Client ID | ClientID is the application's ID |
| Client Secret | ClientSecret is the application's secret. |
| Token URL | TokenURL is the resource server's token endpoint URL. This is a constant specific to each server. |
| Scopes | Scope specifies optional requested permissions. |
| Endpoint params | EndpointParams specifies additional parameters for requests to the token endpoint. |
OAuth2 JWT Authentication#
OAuth2 JWT require the following parameters
| Key | Description |
|---|---|
| Email is the OAuth client identifier used when communicating with the configured OAuth provider | |
| Private Key | PrivateKey contains the contents of an RSA private key or the contents of a PEM file that contains a privatekey |
| Private Key Identifier | Optional. PrivateKeyID contains an optional hint indicating which key is being used |
| Token URL | TokenURL is the endpoint required to complete the 2-legged JWT flow |
| Subject | Optional. Subject is the optional user to impersonate |
| Scopes | Scopes optionally specifies a list of requested permission scopes. Provide scopes as a comma separated values |
Azure Authentication#
If you want to authenticate your API endpoints via microsoft azure authentication, refer steps given here.
Azure Blob Storage key#
To retrieve content from azure blob storage, you need to provide the following information
- Azure storage account name
- Azure storage account key ( either primary key or secondary key)
AWS Authentication#
If you want to authenticate your API endpoints via amazon aws authentication, refer steps given here.