API authentication: tokens vs username/password

[Aleksey-Kudryavtsev]

Hello,

Is using tokens preferable over basic auth (username/password) for API requests?

Is it correct that when initially provided only with username/password a client application should start by creating a token and continue using the token instead of username/password for all it's API requests? (this is how Grafana appears to work with influxdb2 but I cannot find any direct recommendations to follow this approach anywhere in the influxdb2 docs)

[jeffreyssmith2nd]

In general, it is always best practice to use tokens when doing API/application to application requests if possible. Tokens are more easily scoped and revoked than passwords. Influx will support either however, there is no technical/performance reason to use one or the other, just security/general hygiene.