Organization API

The Organization HTTP API is divided in two resources, /api/org (current organization) and /api/orgs (admin organizations). One big difference between these are that the admin of all organizations API only works with basic authentication, see Admin Organizations API for more information.

If you are running Grafana Enterprise, for some endpoints you’ll need to have specific permissions. Refer to Role-based access control permissions for more information.

Current Organization API

Get current Organization

GET /api/org/

Required permissions

See note in the introduction for an explanation.

ActionScope
orgs:readN/A

Example Request:

  1. GET /api/org/ HTTP/1.1
  2. Accept: application/json
  3. Content-Type: application/json
  4. Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk

Example Response:

  1. HTTP/1.1 200
  2. Content-Type: application/json
  3. {
  4. "id":1,
  5. "name":"Main Org."
  6. }

Get all users within the current organization

GET /api/org/users

Returns all org users within the current organization. Accessible to users with org admin role.

Required permissions

See note in the introduction for an explanation.

ActionScope
org.users:readusers:*

Example Request:

  1. GET /api/org/users HTTP/1.1
  2. Accept: application/json
  3. Content-Type: application/json
  4. Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk

Example Response:

  1. HTTP/1.1 200
  2. Content-Type: application/json
  3. [
  4. {
  5. "orgId": 1,
  6. "userId": 1,
  7. "email": "admin@localhost",
  8. "avatarUrl": "/avatar/46d229b033af06a191ff2267bca9ae56",
  9. "login": "admin",
  10. "role": "Admin",
  11. "lastSeenAt": "2019-08-09T11:02:49+02:00",
  12. "lastSeenAtAge": "< 1m"
  13. }
  14. ]

Get all users within the current organization (lookup)

GET /api/org/users/lookup

Returns all org users within the current organization, but with less detailed information. Accessible to users with org admin role, admin in any folder or admin of any team. Mainly used by Grafana UI for providing list of users when adding team members and when editing folder/dashboard permissions.

Required permissions

See note in the introduction for an explanation.

ActionScope
org.users:readusers:*

Example Request:

  1. GET /api/org/users/lookup HTTP/1.1
  2. Accept: application/json
  3. Content-Type: application/json
  4. Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk

Example Response:

  1. HTTP/1.1 200
  2. Content-Type: application/json
  3. [
  4. {
  5. "userId": 1,
  6. "login": "admin",
  7. "avatarUrl": "/avatar/46d229b033af06a191ff2267bca9ae56"
  8. }
  9. ]

Updates the given user

PATCH /api/org/users/:userId

Required permissions

See note in the introduction for an explanation.

ActionScope
org.users:writeusers:*

Example Request:

  1. PATCH /api/org/users/1 HTTP/1.1
  2. Accept: application/json
  3. Content-Type: application/json
  4. Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk
  5. {
  6. "role": "Viewer",
  7. }

Example Response:

  1. HTTP/1.1 200
  2. Content-Type: application/json
  3. {"message":"Organization user updated"}

Delete user in current organization

DELETE /api/org/users/:userId

Required permissions

See note in the introduction for an explanation.

ActionScope
org.users:removeusers:*

Example Request:

  1. DELETE /api/org/users/1 HTTP/1.1
  2. Accept: application/json
  3. Content-Type: application/json
  4. Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk

Example Response:

  1. HTTP/1.1 200
  2. Content-Type: application/json
  3. {"message":"User removed from organization"}

Update current Organization

PUT /api/org

Required permissions

See note in the introduction for an explanation.

ActionScope
orgs:writeN/A

Example Request:

  1. PUT /api/org HTTP/1.1
  2. Accept: application/json
  3. Content-Type: application/json
  4. Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk
  5. {
  6. "name":"Main Org."
  7. }

Example Response:

  1. HTTP/1.1 200
  2. Content-Type: application/json
  3. {"message":"Organization updated"}

Add a new user to the current organization

POST /api/org/users

Adds a global user to the current organization.

Required permissions

See note in the introduction for an explanation.

ActionScope
org.users:addusers:*

Example Request:

  1. POST /api/org/users HTTP/1.1
  2. Accept: application/json
  3. Content-Type: application/json
  4. Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk
  5. {
  6. "role": "Admin",
  7. "loginOrEmail": "admin"
  8. }

Example Response:

  1. HTTP/1.1 200
  2. Content-Type: application/json
  3. {"message":"User added to organization","userId":1}

Admin Organizations API

The Admin Organizations HTTP API does not currently work with an API Token. API Tokens are currently only linked to an organization and an organization role. They cannot be given the permission of server admin, only users can be given that permission. So in order to use these API calls you will have to use Basic Auth and the Grafana user must have the Grafana Admin permission (The default admin user is called admin and has permission to use this API).

Get Organization by Id

GET /api/orgs/:orgId

Only works with Basic Authentication (username and password), see introduction.

Required permissions

See note in the introduction for an explanation.

ActionScope
orgs:readN/A

Example Request:

  1. GET /api/orgs/1 HTTP/1.1
  2. Accept: application/json
  3. Content-Type: application/json

Example Response:

  1. HTTP/1.1 200
  2. Content-Type: application/json
  3. {
  4. "id":1,
  5. "name":"Main Org.",
  6. "address":{
  7. "address1":"",
  8. "address2":"",
  9. "city":"",
  10. "zipCode":"",
  11. "state":"",
  12. "country":""
  13. }
  14. }

Get Organization by Name

GET /api/orgs/name/:orgName

Only works with Basic Authentication (username and password), see introduction.

Required permissions

See note in the introduction for an explanation.

ActionScopeNote
orgs:readN/ANeeds to be assigned globally.

Example Request:

  1. GET /api/orgs/name/Main%20Org%2E HTTP/1.1
  2. Accept: application/json
  3. Content-Type: application/json

Example Response:

  1. HTTP/1.1 200
  2. Content-Type: application/json
  3. {
  4. "id":1,
  5. "name":"Main Org.",
  6. "address":{
  7. "address1":"",
  8. "address2":"",
  9. "city":"",
  10. "zipCode":"",
  11. "state":"",
  12. "country":""
  13. }
  14. }

Create Organization

POST /api/orgs

Only works with Basic Authentication (username and password), see introduction.

Required permissions

See note in the introduction for an explanation.

ActionScopeNote
orgs:createN/ANeeds to be assigned globally.

Example Request:

  1. POST /api/orgs HTTP/1.1
  2. Accept: application/json
  3. Content-Type: application/json
  4. {
  5. "name":"New Org."
  6. }

Note: The api will work in the following two ways

  1. Need to set GF_USERS_ALLOW_ORG_CREATE=true
  2. Set the config value users.allow_org_create to true in ini file

Example Response:

  1. HTTP/1.1 200
  2. Content-Type: application/json
  3. {
  4. "orgId":"1",
  5. "message":"Organization created"
  6. }

Search all Organizations

GET /api/orgs?perpage=10&page=1

Only works with Basic Authentication (username and password), see introduction.

Required permissions

See note in the introduction for an explanation.

ActionScopeNote
orgs:readN/ANeeds to be assigned globally.

Example Request:

  1. GET /api/orgs HTTP/1.1
  2. Accept: application/json
  3. Content-Type: application/json

Note: The api will only work when you pass the admin name and password to the request HTTP URL, like http://admin:admin@localhost:3000/api/orgs

Default value for the perpage parameter is 1000 and for the page parameter is 0.

Example Response:

  1. HTTP/1.1 200
  2. Content-Type: application/json
  3. [
  4. {
  5. "id":1,
  6. "name":"Main Org."
  7. }
  8. ]

Update Organization

PUT /api/orgs/:orgId

Update Organization, fields Address 1, Address 2, City are not implemented yet. Only works with Basic Authentication (username and password), see introduction.

Required permissions

See note in the introduction for an explanation.

ActionScope
orgs:writeN/A

Example Request:

  1. PUT /api/orgs/1 HTTP/1.1
  2. Accept: application/json
  3. Content-Type: application/json
  4. {
  5. "name":"Main Org 2."
  6. }

Example Response:

  1. HTTP/1.1 200
  2. Content-Type: application/json
  3. {"message":"Organization updated"}

Delete Organization

DELETE /api/orgs/:orgId

Only works with Basic Authentication (username and password), see introduction.

Required permissions

See note in the introduction for an explanation.

ActionScope
orgs:deleteN/A

Example Request:

  1. DELETE /api/orgs/1 HTTP/1.1
  2. Accept: application/json

Example Response:

  1. HTTP/1.1 200
  2. Content-Type: application/json
  3. {"message":"Organization deleted"}

Get Users in Organization

GET /api/orgs/:orgId/users

Only works with Basic Authentication (username and password), see introduction.

Required permissions

See note in the introduction for an explanation.

ActionScope
org.users:readusers:*

Example Request:

  1. GET /api/orgs/1/users HTTP/1.1
  2. Accept: application/json
  3. Content-Type: application/json

Note: The api will only work when you pass the admin name and password to the request HTTP URL, like http://admin:admin@localhost:3000/api/orgs/1/users

Example Response:

  1. HTTP/1.1 200
  2. Content-Type: application/json
  3. [
  4. {
  5. "orgId":1,
  6. "userId":1,
  7. "email":"admin@mygraf.com",
  8. "login":"admin",
  9. "role":"Admin"
  10. }
  11. ]

Add User in Organization

POST /api/orgs/:orgId/users

Only works with Basic Authentication (username and password), see introduction.

Required permissions

See note in the introduction for an explanation.

ActionScope
org.users:addusers:*

Example Request:

  1. POST /api/orgs/1/users HTTP/1.1
  2. Accept: application/json
  3. Content-Type: application/json
  4. {
  5. "loginOrEmail":"user",
  6. "role":"Viewer"
  7. }

Example Response:

  1. HTTP/1.1 200
  2. Content-Type: application/json
  3. {"message":"User added to organization", "userId": 1}

Update Users in Organization

PATCH /api/orgs/:orgId/users/:userId

Only works with Basic Authentication (username and password), see introduction.

Required permissions

See note in the introduction for an explanation.

ActionScope
org.users:writeusers:*

Example Request:

  1. PATCH /api/orgs/1/users/2 HTTP/1.1
  2. Accept: application/json
  3. Content-Type: application/json
  4. {
  5. "role":"Admin"
  6. }

Example Response:

  1. HTTP/1.1 200
  2. Content-Type: application/json
  3. {"message":"Organization user updated"}

Delete User in Organization

DELETE /api/orgs/:orgId/users/:userId

Only works with Basic Authentication (username and password), see introduction.

Required permissions

See note in the introduction for an explanation.

ActionScope
org.users:removeusers:*

Example Request:

  1. DELETE /api/orgs/1/users/2 HTTP/1.1
  2. Accept: application/json
  3. Content-Type: application/json

Example Response:

  1. HTTP/1.1 200
  2. Content-Type: application/json
  3. {"message":"User removed from organization"}