菜单
文档breadcrumb arrow Grafana 文档breadcrumb arrow 开发者breadcrumb arrow HTTP APIbreadcrumb arrow Admin HTTP API
Enterprise Open source

Admin API

注意

您不能使用服务账户令牌对 Admin HTTP API 进行身份验证。服务账户仅限于组织和组织角色。它们不能被授予Grafana 服务器管理员权限

要使用这些 API 端点,您必须使用 Basic 认证,并且 Grafana 用户必须拥有 Grafana 服务器管理员权限。

Grafana 默认配置的 admin 用户拥有使用这些 API 端点的权限。

如果您正在运行 Grafana Enterprise,某些端点需要您拥有特定权限。有关更多信息,请参阅基于角色的访问控制权限

获取设置

GET /api/admin/settings

仅适用于基本认证(用户名和密码)。有关解释,请参阅简介

所需权限

有关解释,请参阅简介中的说明。

操作范围
settings:readsettings:***
settings:auth.saml:*
settings:auth.saml:enabled (属性级别)

请求示例:

http 
GET /api/admin/settings
Accept: application/json
Content-Type: application/json

响应示例:

http 
HTTP/1.1 200
Content-Type: application/json

{
  "DEFAULT": {
    "app_mode":"production"
  },
  "analytics": {
    "google_analytics_ua_id":"",
    "reporting_enabled":"false"
  },
  "auth.anonymous":{
    "enabled":"true",
    "org_name":"Main Org.",
    "org_role":"Viewer"
  },
  "auth.basic":{
    "enabled":"false"
  },
  "auth.github":{
    "allow_sign_up":"false",
    "allowed_domains":"",
    "allowed_organizations":"",
    "api_url":"https://api.github.com/user",
    "auth_url":"https://github.com/login/oauth/authorize",
    "client_id":"some_id",
    "client_secret":"************",
    "enabled":"false",
    "scopes":"user:email,read:org",
    "team_ids":"",
    "token_url":"https://github.com/login/oauth/access_token"
  },
  "auth.google":{
    "allow_sign_up":"false","allowed_domains":"",
    "api_url":"https://www.googleapis.com/oauth2/v1/userinfo",
    "auth_url":"https://#/o/oauth2/auth",
    "client_id":"some_client_id",
    "client_secret":"************",
    "enabled":"false",
    "scopes":"https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email",
    "token_url":"https://#/o/oauth2/token"
  },
  "auth.ldap":{
    "config_file":"/etc/grafana/ldap.toml",
    "enabled":"false"
  },
  "auth.proxy":{
    "auto_sign_up":"true",
    "enabled":"false",
    "header_name":"X-WEBAUTH-USER",
    "header_property":"username"
  },
  "dashboards.json":{
    "enabled":"false",
    "path":"/var/lib/grafana/dashboards"
  },
  "database":{
    "host":"127.0.0.1:0000",
    "name":"grafana",
    "password":"************",
    "path":"grafana.db",
    "ssl_mode":"disable",
    "type":"sqlite3",
    "user":"root"
  },
  "emails":{
    "templates_pattern":"emails/*.html, emails/*.txt",
    "welcome_email_on_sign_up":"false",
    "content_types":"text/html"
  },
  "log":{
    "buffer_len":"10000",
    "level":"Info",
    "mode":"file"
  },
  "log.console":{
    "level":""
  },
  "log.file":{
    "daily_rotate":"true",
    "file_name":"",
    "level":"",
    "log_rotate":"true",
    "max_days":"7",
    "max_lines":"1000000",
    "max_lines_shift":"28",
    "max_size_shift":""
  },
  "paths":{
    "data":"/tsdb/grafana",
    "logs":"/logs/apps/grafana"},
    "security":{
    "admin_password":"************",
    "admin_user":"admin",
    "cookie_remember_name":"grafana_remember",
    "cookie_username":"grafana_user",
    "disable_gravatar":"false",
    "login_remember_days":"7",
    "secret_key":"************"
  },
  "server":{
    "cert_file":"",
    "cert_key":"",
    "certs_watch_interval": "0s",
    "domain":"mygraf.com",
    "enable_gzip":"false",
    "enforce_domain":"false",
    "http_addr":"127.0.0.1",
    "http_port":"0000",
    "protocol":"http",
    "root_url":"%(protocol)s://%(domain)s:%(http_port)s/",
    "router_logging":"true",
    "data_proxy_logging":"true",
    "static_root_path":"public"
  },
  "session":{
    "cookie_name":"grafana_sess",
    "cookie_secure":"false",
    "gc_interval_time":"",
    "provider":"file",
    "provider_config":"sessions",
    "session_life_time":"86400"
  },
  "smtp":{
    "cert_file":"",
    "enabled":"false",
    "from_address":"admin@grafana.localhost",
    "from_name":"Grafana",
    "ehlo_identity":"dashboard.example.com",
    "host":"localhost:25",
    "key_file":"",
    "password":"************",
    "skip_verify":"false",
    "user":""
  },
  "users":{
    "allow_org_create":"true",
    "allow_sign_up":"false",
    "auto_assign_org":"true",
    "auto_assign_org_role":"Viewer"
  }
}

更新设置

PUT /api/admin/settings

注意

在 Grafana Enterprise v8.0+ 中可用。

更新/移除并重新加载数据库设置。您必须提供 updatesremovals 或两者。

此端点仅支持对 auth.saml 配置的更改。

所需权限

有关解释,请参阅简介中的说明。

操作范围
settings:writesettings:***
settings:auth.saml:*
settings:auth.saml:enabled (属性级别)

请求示例

http 
PUT /api/admin/settings
Accept: application/json
Content-Type: application/json
Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk

{
  "updates": {
    "auth.saml": {
      "enabled": "true"
    }
  },
  "removals": {
    "auth.saml": ["single_logout"]
  },
}

响应示例

http 
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 32

{
  "message":"Settings updated"
}

状态码

  • 200 - OK
  • 400 - Bad Request
  • 401 - Unauthorized
  • 403 - Forbidden
  • 500 - Internal Server Error

Grafana 统计信息

GET /api/admin/stats

仅适用于基本认证(用户名和密码)。有关解释,请参阅简介

所需权限

有关解释,请参阅简介中的说明。

操作范围
server.stats:read不适用

请求示例:

http 
GET /api/admin/stats
Accept: application/json
Content-Type: application/json

响应示例:

http 
HTTP/1.1 200
Content-Type: application/json

{
  "users":2,
  "orgs":1,
  "dashboards":4,
  "snapshots":2,
  "tags":6,
  "datasources":1,
  "playlists":1,
  "stars":2,
  "alerts":2,
  "activeUsers":1
}

Grafana 使用报告预览

GET /api/admin/usage-report-preview

预览将发送给供应商的使用报告。

仅适用于基本认证(用户名和密码)。有关解释,请参阅简介

请求示例:

http 
GET /api/admin/usage-report-preview
Accept: application/json
Content-Type: application/json

响应示例:

http 
HTTP/1.1 200
Content-Type: application/json

{
	"version": "8_4_0",
	"metrics": {
		"stats.active_admins.count": 1,
		"stats.active_editors.count": 1,
		"stats.active_sessions.count": 0,
		"stats.active_users.count": 2,
		"stats.active_viewers.count": 0,
		"stats.admins.count": 1,
		"stats.alert_rules.count": 0,
		"stats.alerting.ds.other.count": 0,
		"stats.alerts.count": 5,
		"stats.annotations.count": 6,
		"stats.api_keys.count": 1
  }
}

全局用户

POST /api/admin/users

创建新用户。仅适用于基本认证(用户名和密码)。有关解释,请参阅简介

所需权限

有关解释,请参阅简介中的说明。

操作范围
users:create不适用

请求示例:

http 
POST /api/admin/users HTTP/1.1
Accept: application/json
Content-Type: application/json

{
  "name":"User",
  "email":"user@graf.com",
  "login":"user",
  "password":"userpassword",
  "OrgId": 1
}

请注意,OrgId 是一个可选参数,当auto_assign_org 设置为 true 时,可用于将新用户分配到不同的组织。

响应示例:

http 
HTTP/1.1 200
Content-Type: application/json

{"id":5,"message":"User created"}

用户密码

PUT /api/admin/users/:id/password

仅适用于基本认证(用户名和密码)。有关解释,请参阅简介。更改特定用户的密码。

所需权限

有关解释,请参阅简介中的说明。

操作范围
users.password:writeglobal.users:*

请求示例:

http 
PUT /api/admin/users/2/password HTTP/1.1
Accept: application/json
Content-Type: application/json

{"password":"userpassword"}

响应示例:

http 
HTTP/1.1 200
Content-Type: application/json

{"message": "User password updated"}

权限

PUT /api/admin/users/:id/permissions

仅适用于基本认证(用户名和密码)。有关解释,请参阅简介

所需权限

有关解释,请参阅简介中的说明。

操作范围
users.permissions:writeglobal.users:*

请求示例:

http 
PUT /api/admin/users/2/permissions HTTP/1.1
Accept: application/json
Content-Type: application/json

{"isGrafanaAdmin": true}

响应示例:

http 
HTTP/1.1 200
Content-Type: application/json

{"message": "User permissions updated"}

删除全局用户

DELETE /api/admin/users/:id

仅适用于基本认证(用户名和密码)。有关解释,请参阅简介

所需权限

有关解释,请参阅简介中的说明。

操作范围
users:deleteglobal.users:*

请求示例:

http 
DELETE /api/admin/users/2 HTTP/1.1
Accept: application/json
Content-Type: application/json

响应示例:

http 
HTTP/1.1 200
Content-Type: application/json

{"message": "User deleted"}

用户认证令牌

GET /api/admin/users/:id/auth-tokens

返回用户当前已登录的所有认证令牌(设备)列表。

仅适用于基本认证(用户名和密码)。有关解释,请参阅简介

所需权限

有关解释,请参阅简介中的说明。

操作范围
users.authtoken:readglobal.users:*

请求示例:

http 
GET /api/admin/users/1/auth-tokens HTTP/1.1
Accept: application/json
Content-Type: application/json

响应示例:

http 
HTTP/1.1 200
Content-Type: application/json

[
  {
    "id": 361,
    "isActive": false,
    "clientIp": "127.0.0.1",
    "browser": "Chrome",
    "browserVersion": "72.0",
    "os": "Linux",
    "osVersion": "",
    "device": "Other",
    "createdAt": "2019-03-05T21:22:54+01:00",
    "seenAt": "2019-03-06T19:41:06+01:00"
  },
  {
    "id": 364,
    "isActive": false,
    "clientIp": "127.0.0.1",
    "browser": "Mobile Safari",
    "browserVersion": "11.0",
    "os": "iOS",
    "osVersion": "11.0",
    "device": "iPhone",
    "createdAt": "2019-03-06T19:41:19+01:00",
    "seenAt": "2019-03-06T19:41:21+01:00"
  }
]

撤销用户认证令牌

POST /api/admin/users/:id/revoke-auth-token

撤销给定用户的认证令牌(设备)。持有该认证令牌(设备)的用户将不再处于登录状态,下次活动时需要重新认证。

仅适用于基本认证(用户名和密码)。有关解释,请参阅简介

所需权限

有关解释,请参阅简介中的说明。

操作范围
users.authtoken:writeglobal.users:*

请求示例:

http 
POST /api/admin/users/1/revoke-auth-token HTTP/1.1
Accept: application/json
Content-Type: application/json

{
  "authTokenId": 364
}

响应示例:

http 
HTTP/1.1 200
Content-Type: application/json

{
  "message": "User auth token revoked"
}

用户登出

POST /api/admin/users/:id/logout

用户登出会撤销用户的所有认证令牌(设备)。持有这些认证令牌(设备)的用户将不再处于登录状态,下次活动时需要重新认证。

仅适用于基本认证(用户名和密码)。有关解释,请参阅简介

所需权限

有关解释,请参阅简介中的说明。

操作范围
users.logoutglobal.users:*

请求示例:

http 
POST /api/admin/users/1/logout HTTP/1.1
Accept: application/json
Content-Type: application/json

响应示例:

http 
HTTP/1.1 200
Content-Type: application/json

{
  "message": "User auth token revoked"
}

重新加载配置

POST /api/admin/provisioning/dashboards/reload

POST /api/admin/provisioning/datasources/reload

POST /api/admin/provisioning/plugins/reload

POST /api/admin/provisioning/access-control/reload

POST /api/admin/provisioning/alerting/reload

重新加载指定类型的配置文件并再次配置实体。只有当新的配置实体已存储在数据库中时才会返回。对于仪表盘,它将停止对仪表盘文件更改的轮询,并在返回后使用新配置重新启动。

仅适用于基本认证(用户名和密码)。有关解释,请参阅简介

所需权限

有关解释,请参阅简介中的说明。

操作范围配置实体
provisioning:reloadprovisioners:accesscontrolaccesscontrol
provisioning:reloadprovisioners:dashboardsdashboards
provisioning:reloadprovisioners:datasourcesdatasources
provisioning:reloadprovisioners:pluginsplugins
provisioning:reloadprovisioners:alertingalerting

请求示例:

http 
POST /api/admin/provisioning/dashboards/reload HTTP/1.1
Accept: application/json
Content-Type: application/json

响应示例:

http 
HTTP/1.1 200
Content-Type: application/json

{
  "message": "Dashboards config reloaded"
}

重新加载 LDAP 配置

POST /api/admin/ldap/reload

重新加载 LDAP 配置。

仅适用于基本认证(用户名和密码)。有关解释,请参阅简介

请求示例:

http 
POST /api/admin/ldap/reload HTTP/1.1
Accept: application/json
Content-Type: application/json

响应示例:

http 
HTTP/1.1 200
Content-Type: application/json

{
  "message": "LDAP config reloaded"
}

旋转数据加密密钥

POST /api/admin/encryption/rotate-data-keys

旋转数据加密密钥。

请求示例:

http 
POST /api/admin/encryption/rotate-data-keys HTTP/1.1
Accept: application/json
Content-Type: application/json

响应示例:

http 
HTTP/1.1 204
Content-Type: application/json

重新加密数据加密密钥

POST /api/admin/encryption/reencrypt-data-keys

重新加密数据加密密钥。

请求示例:

http 
POST /api/admin/encryption/reencrypt-data-keys HTTP/1.1
Accept: application/json
Content-Type: application/json

响应示例:

http 
HTTP/1.1 204
Content-Type: application/json

重新加密密钥

POST /api/admin/encryption/reencrypt-secrets

重新加密密钥。

请求示例:

http 
POST /api/admin/encryption/reencrypt-secrets HTTP/1.1
Accept: application/json
Content-Type: application/json

响应示例:

http 
HTTP/1.1 204
Content-Type: application/json

回滚密钥

POST /api/admin/encryption/rollback-secrets

回滚密钥。

请求示例:

http 
POST /api/admin/encryption/rollback-secrets HTTP/1.1
Accept: application/json
Content-Type: application/json

响应示例:

http 
HTTP/1.1 204
Content-Type: application/json