Open source


Infinity data source supports following authentication methods

  • No authentication
  • Basic authentication
  • Bearer token authentication
  • API key authentication
  • Digest authentication
  • OAuth passthrough
  • OAuth 2.0 client credentials
  • OAuth 2.0 JWT authentication
  • Azure authentication
  • Azure blob storage key
  • AWS authentication

No authentication

If your APIs don’t require any authentication, select the No Authentication method.


Basic authentication sends a username and password with your request. In the request headers, the Authorization header uses the Basic <BASE64_ENCODED_USERNAME_AND_PASSWORD> format.

Bearer token

Bearer token enable requests to authenticate using an access key, such as a JSON Web Token (JWT), personal access token. In the request headers, the Authorization header uses the Bearer <API_KEY> format.


If you need a custom prefix instead of Bearer prefix, use API key authentication instead with the key of Authorization.

API key

With API key authentication, you can send a key-value pair to the API via request headers or query parameters. API key authentication requires following parameters:

KeyKey of the API token. This becomes the key of the header or query parameter.
ValueValue of the API token
InAccepts header/query. Most APIs accept API keys via headers as a preferred way of sending API keys. Sending API keys via the query parameter is.


It’s easy to confuse API key authentication with bearer token authentication, make sure you are using the correct authentication mechanism.


Digest authentication enable requests to authenticate using RFC7616 HTTP Digest Access Authentication protocol.

OAuth passthrough

If your Grafana user is already authenticated via OAuth, this authentication method forwards the OAuth tokens to the API.

OAuth 2.0 client credentials

OAuth 2.0 client credentials require the following parameters:

Client IDClientID is the application’s ID
Client SecretClientSecret is the application’s secret.
Token URLTokenURL is the resource server’s token endpoint URL. This is a constant specific to each server.
ScopesScope specifies optional requested permissions.
Endpoint paramsEndpointParams specifies additional parameters for requests to the token endpoint.

OAuth 2.0 JWT

OAuth 2.0 JWT require the following parameters

EmailEmail is the OAuth client identifier used when communicating with the configured OAuth provider.
Private KeyPrivateKey contains the contents of an RSA private key or the contents of a PEM file that contains a private key.
Private Key IdentifierOptional. PrivateKeyID contains an optional hint indicating which key to use.
Token URLTokenURL is the endpoint required to complete the 2-legged JWT flow.
SubjectOptional. Subject is the optional user to impersonate.
ScopesScopes optionally specifies a list of requested permission scopes. Provide scopes as a comma separated values.


If you want to authenticate your API endpoints via Microsoft Azure authentication, refer to Azure authentication.

Azure Blob Storage key

To retrieve content from azure blob storage, you need to provide the following information

  • Azure storage account name
  • Azure storage account key (either primary key or secondary key)


If you want to authenticate your API endpoints via Amazon AWS authentication, refer to AWS authentication.