content/kapacitor/v1/administration/auth/kapacitor-auth.md
Use user-based authorizations and permissions stored in Kapacitor to authenticate requests to the Kapacitor HTTP API.
Create an admin user:
Set the following in the [auth] configuration group in your kapacitor.conf:
[auth]
enabled = true
cache-expiration = "1h"
bcrypt-cost = 4
meta-addr = ""
meta-username = ""
meta-password = ""
meta-use-tls = false
meta-ca = ""
meta-cert = ""
meta-key = ""
meta-insecure-skip-verify = false
Or use environment variables to set these configuration options:
export KAPACITOR_AUTH_ENABLED=true
export KAPACITOR_AUTH_BCRYPT=4
Start kapacitord using the updated configuration:
kapactord -config /path/to/kapacitor.conf
Use the /users endpoint of the Kapacitor HTTP API to create a new admin user.
In the request body, provide a JSON object with the following fields:
"admin"curl --request POST 'http://localhost:9092/kapacitor/v1/users' \
--data '{
"name": "exampleUsername",
"password": "examplePassword",
"type":"admin"
}'
Stop the kapacitord service.
Set [http].auth-enabled to true in your kapacitor.conf:
[http]
#...
auth-enabled: true
#...
Or use the KAPACITOR_HTTP_AUTH_ENABLED environment variable:
export KAPACITOR_HTTP_AUTH_ENABLED=true
Restart kapacitord with the updated configuration.
kapacitord -config /path/to/kapacitor.conf
(Optional) Create additional users with user-specific permissions. For more information, see:
To authenticate with Kapacitor when using the kapacitor CLI,
provide your username and password as part of the Kapacitor -url:
# Syntax
kapacitor -url http://<username>:<password>@localhost:9092
# Example
kapacitor -url http://admin:Pa5sw0Rd@localhost:9092
To authenticate directly with the Kapacitor API, use basic authentication to provide your username and password.
# Syntax
curl --request GET http://localhost:9092/kapacitor/v1/tasks \
-u "<username>:<password>"
# Example
curl --request GET http://localhost:9092/kapacitor/v1/tasks \
-u "johndoe:Pa5sw0Rd"