Authenticating to the Instana REST API

To interact with the Instana REST API, you must authenticate your requests. Authentication is necessary to make sure that only authorized users can access and modify data. Instana supports API Token Authentication, which provides a simple and secure way to authenticate your API requests.

API token authentication

API tokens are a secure way to authenticate your requests. Each token is associated with a specific user or service and carries the permissions that are granted to that user or service. API token authentication is ideal for server-to-server communication or for applications that do not require user-level access.

Generating an API token

To generate an API token:

  1. Log in to your Instana account.
  2. Go to Account Settings > API Tokens.
  3. Click Create New Token.
  4. Provide a name for your token to identify it later.
  5. Select the appropriate permissions for the token.
  6. Click Create to generate the token.

Using the API token

To authenticate a request by using an API token, include the token in the Authorization header of your HTTP request:

GET /api/application-monitoring/applications HTTP/1.1
Host: {tenant}-{unit}.instana.io
Authorization: apiToken {api_token}

Replace {api_token} with the token that you generated, and replace {tenant} and {unit} with the values for your Instana tenant and unit.

Best practices

When you use API token authentication, consider the following best practices:

  • Keep your tokens secure: Store API tokens securely and do not expose them in your client-side code or share them publicly.
  • Use environment variables: When you deploy applications, store tokens in environment variables instead of hardcoding them in your source code.
  • Regularly rotate tokens: Regularly generate new API tokens and revoke old ones to minimize the risk of unauthorized access.

Error handling

If authentication fails, the Instana REST API returns a 401 Unauthorized error. Make sure that your API token is correct and has the necessary permissions.

Example of a failed authentication response:

{
  "error": "Unauthorized",
  "message": "Invalid API token"
}
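
The request format, the environment-variable practice and the 401 handling described above, combined in an added example that is not Instana's own code. It assumes the token is stored in a variable named INSTANA_API_TOKEN and that tenant and unit are alphanumeric; the function names are hypothetical.

```python
import json
import os
import re
import urllib.error
import urllib.request

TOKEN_ENV = "INSTANA_API_TOKEN"  # assumed variable name, not defined by Instana
_LABEL = re.compile(r"[A-Za-z0-9]+")  # assumed character set; keeps input from altering the host


def build_request(tenant, unit, path="/api/application-monitoring/applications"):
    """Build an authenticated GET request; the token comes only from the environment."""
    token = os.environ.get(TOKEN_ENV, "").strip()
    if not token:
        raise RuntimeError(f"{TOKEN_ENV} is not set")
    if not (_LABEL.fullmatch(tenant) and _LABEL.fullmatch(unit)):
        raise ValueError("tenant and unit must be alphanumeric")
    if not path.startswith("/api/"):
        raise ValueError("path must start with /api/")
    url = f"https://{tenant}-{unit}.instana.io{path}"
    return urllib.request.Request(url, headers={"Authorization": f"apiToken {token}"})


def redacted_headers(req):
    """Headers that are safe to log: the Authorization value is masked."""
    return {k: ("apiToken ***" if k.lower() == "authorization" else v)
            for k, v in req.header_items()}


def describe_auth_failure(status, body):
    """Turn a 401 body like the one shown on this page into a log-safe message."""
    if status != 401:
        return None
    try:
        detail = json.loads(body).get("message", "")
    except (ValueError, TypeError, AttributeError):
        detail = ""
    return f"401 Unauthorized: {detail or 'no detail given'}; check the token value and its permissions"


def fetch(req, timeout=10):
    """Send the request and return (status, body text). Requires network access."""
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode()
```

Log the output of redacted_headers rather than the request itself, so that the token never reaches log files.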