API Authentication #

All HTTP endpoints of INFINI Agent require token-based authentication. The token is generated automatically at startup — no manual configuration needed.

Getting the Token #

After the agent starts, the token is printed to the log at info level:

[INF] [auth_token.go] [agent] api token: d70v0i4bd4atkku9ftlg

A new token is generated on every restart.

Verifying the Token #

Use POST /login to verify the token and confirm it is valid:

curl -X POST http://localhost:2900/login \
  -H "Content-Type: application/json" \
  -d '{"token": "d70v0i4bd4atkku9ftlg"}'

Success (200):

{"acknowledged": true}

Failure (401):

{"status": 401, "error": {"reason": "invalid login"}}

Calling Other Endpoints #

Include the token in the X-API-TOKEN header on every request:

curl http://localhost:2900/elasticsearch/node/_discovery \
  -H "X-API-TOKEN: d70v0i4bd4atkku9ftlg"

Requests without the header, or with an incorrect token, receive a 401 response:

{"status": 401, "error": {"reason": "invalid login"}}