8.6 KiB
| title | description | menu | weight | list_code_example | aliases | related | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Revoke a database token | Use the Admin UI, the [`influxctl token revoke` command](/influxdb3/cloud-dedicated/reference/cli/influxctl/token/revoke/), or the [Management HTTP API](/influxdb3/cloud-dedicated/api/management/) to revoke a database token associated with your {{% product-name omit=" Clustered" %}} cluster and remove all permissions associated with the token. Provide the ID of the database token you want to revoke. |
|
203 | ##### CLI ```sh influxctl token revoke <TOKEN_ID> ``` ##### API ```sh curl \ --location "https://console.influxdata.com/api/v0/accounts/ACCOUNT_ID/clusters/CLUSTER_ID/tokens/TOKEN_ID" \ --request DELETE \ --header "Accept: application/json" \ --header "Authorization: Bearer $MANAGEMENT_TOKEN" \ ``` |
|
|
Use the influxctl CLI
or the Management HTTP API
to revoke a database token associated with your
{{< product-name omit=" Clustered" >}} cluster.
{{< tabs-wrapper >}} {{% tabs %}} Admin UI influxctl Management API {{% /tabs %}} {{% tab-content %}}
The InfluxDB Cloud Dedicated administrative UI includes a portal for creating and managing database tokens.
Administrators can use this portal to:
- View token details
- Add read and write permissions for specific databases to a token
- Edit a token's existing read and write permissions for a database
- Create a database token
- Revoke a database token
-
To access the {{< product-name >}} Admin UI, visit the following URL in your browser:
https://{{< influxdb/host >}} -
Use the credentials provided by InfluxData to log into the Admin UI. If you don't have login credentials, contact InfluxData support.
-
After you log in, the Account Management portal displays account information and the list of clusters associated with your account.
-
Click the row for the cluster that contains the database you want to manage tokens for. You can Search clusters by name or ID to filter the list and use the sort button and column headers to sort the list.
-
Click the Database Tokens button in the upper right corner of the Cluster screen.
-
The Database Tokens portal displays the list of database tokens associated with the cluster. Use the sort and filter options above the list to find a specific token.
-
Click the Options button (three vertical dots) to the right of the token you want to revoke.
-
In the options menu, click Revoke Token. The Revoke Database Token dialog displays.
{{< img-hd src="/img/influxdb3/cloud-dedicated-admin-ui-revoke-database-token.png" alt="Revoke database token dialog" />}}
-
Check the box to confirm that you understand the risk.
-
Click the Revoke Token button. The token is revoked and filtered from the list of active tokens. {{% /tab-content %}} {{% tab-content %}}
Use the influxctl token revoke command
to revoke a database token and remove all permissions associated with the token.
-
If you haven't already, download and install the
influxctlCLI, and then configure aninfluxctlconnection profile for your cluster. -
To list token IDs, run the
influxctl token listcommand in your terminal.influxctl token listCopy the token ID of the token you want to revoke.
-
Run the
influxctl token revokecommand and provide the following:- Token ID to revoke
-
Confirm that you want to revoke the token.
{{% code-placeholders "TOKEN_ID" %}}
influxctl token revoke TOKEN_ID
{{% /code-placeholders %}}
{{% /tab-content %}} {{% tab-content %}}
This example uses cURL to send a Management HTTP API request, but you can use any HTTP client.
-
If you haven't already, follow the instructions to install cURL for your system.
-
In your terminal, use cURL to send a request to the following {{% product-name %}} endpoint:
{{% api-endpoint endpoint="https://console.influxdata.com/api/v0/accounts/ACCOUNT_ID/clusters/CLUSTER_ID/tokens/TOKEN_ID" method="delete" api-ref="/influxdb3/cloud-dedicated/api/management/#operation/DeleteDatabaseToken" %}}
In the URL, provide the following:
ACCOUNT_ID: The ID of the account that the cluster belongs to (see how to list cluster details).CLUSTER_ID: The ID of the cluster that you want to manage (see how to list cluster details).TOKEN_ID: The ID of the database token that you want to revoke (see how to list token details).
Provide the following request headers:
Accept: application/jsonto ensure the response body is JSON contentAuthorization: Bearerand a Management API token for your cluster (see how to create a management token for Management API requests).
Specify the
DELETErequest method.
The following example shows how to use the Management API to revoke a database token and remove all permissions associated with the token:
{{% code-placeholders "TOKEN_ID|ACCOUNT_ID|CLUSTER_ID|MANAGEMENT_TOKEN" %}}
curl \
--location "https://console.influxdata.com/api/v0/accounts/ACCOUNT_ID/clusters/CLUSTER_ID/tokens/TOKEN_ID" \
--request DELETE \
--header "Accept: application/json" \
--header "Authorization: Bearer $MANAGEMENT_TOKEN" \
{{% /code-placeholders %}}
Replace the following:
- {{% code-placeholder-key %}}
ACCOUNT_ID{{% /code-placeholder-key %}}: the ID of the {{% product-name %}} account associated with the token you want to revoke - {{% code-placeholder-key %}}
CLUSTER_ID{{% /code-placeholder-key %}}: the ID of the {{% product-name omit=" Clustered" %}} cluster associated with the token you want to revoke - {{% code-placeholder-key %}}
MANAGEMENT TOKEN{{% /code-placeholder-key %}}: a management token for your {{% product-name omit=" Clustered" %}} cluster - {{% code-placeholder-key %}}
TOKEN_ID{{% /code-placeholder-key %}}: the ID of the database token to revoke
{{% /tab-content %}} {{< /tabs-wrapper >}}
[!Warning]
Revoking a token is immediate and cannot be undone
Revoking a database token is a destructive action that takes place immediately and cannot be undone.
Rotate revoked tokens
After revoking a database token, any clients using the revoked token need to be updated with a new database token to continue to interact with your {{% product-name omit=" Clustered" %}} cluster.