Documentation Index
Fetch the complete documentation index at: https://mintlify.com/aiven/aiven-docs/llms.txt
Use this file to discover all available pages before exploring further.
Manage users and credentials for your Aiven services. Each service can have multiple users with different credentials and access levels.
List service users
Retrieve all users for a service.
GET /v1/project/{project}/service/{service_name}/user
Request example
curl -X GET "https://api.aiven.io/v1/project/my-project/service/pg-demo/user" \
-H "Authorization: aivenv1 YOUR_TOKEN"
Response
List of service user objects
User type: primary, regular, or admin
User password (only returned for newly created users)
Client certificate for certificate-based authentication
Client key for certificate-based authentication
Response example
{
"users": [
{
"username": "avnadmin",
"type": "primary"
},
{
"username": "app_user",
"type": "regular"
}
]
}
Create service user
Create a new user for a service.
POST /v1/project/{project}/service/{service_name}/user
Request body
Username (3-63 characters, alphanumeric and underscores)
Authentication method: caching_sha2_password (MySQL) or scram-sha-256 (PostgreSQL)
Request example
curl -X POST "https://api.aiven.io/v1/project/my-project/service/pg-demo/user" \
-H "Authorization: aivenv1 YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"username": "app_user"
}'
Response
The newly created user object with generated password
The password is only returned once during user creation. Store it securely immediately.
Response example
{
"user": {
"username": "app_user",
"type": "regular",
"password": "GENERATED_PASSWORD_HERE"
}
}
Reset user password
Reset the password for a service user.
PUT /v1/project/{project}/service/{service_name}/user/{username}
Request body
Must be reset-credentials
Request example
curl -X PUT "https://api.aiven.io/v1/project/my-project/service/pg-demo/user/app_user" \
-H "Authorization: aivenv1 YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"operation": "reset-credentials"
}'
Response
User object with new password
Response example
{
"user": {
"username": "app_user",
"type": "regular",
"password": "NEW_GENERATED_PASSWORD"
}
}
Delete service user
Delete a user from a service.
DELETE /v1/project/{project}/service/{service_name}/user/{username}
You cannot delete the primary service user (typically avnadmin). Ensure no applications are using this user before deletion.
Request example
curl -X DELETE "https://api.aiven.io/v1/project/my-project/service/pg-demo/user/app_user" \
-H "Authorization: aivenv1 YOUR_TOKEN"
Response
Returns 200 OK with an empty response body on success.
Get service connection info
Retrieve connection information for a service including host, port, and credentials.
GET /v1/project/{project}/service/{service_name}/connection_info
Request example
curl -X GET "https://api.aiven.io/v1/project/my-project/service/pg-demo/connection_info" \
-H "Authorization: aivenv1 YOUR_TOKEN"
Response
Default database name (for database services)
CA certificate for TLS connections
Response example
{
"host": "pg-demo-project.aivencloud.com",
"port": 12345,
"user": "avnadmin",
"password": "REDACTED",
"database": "defaultdb",
"uri": "postgres://avnadmin:REDACTED@pg-demo-project.aivencloud.com:12345/defaultdb?sslmode=require",
"ca_cert": "-----BEGIN CERTIFICATE-----\n..."
}
Kafka user ACL management
For Apache Kafka services, you can manage user ACLs (Access Control Lists) to control topic access.
Create Kafka ACL
POST /v1/project/{project}/service/{service_name}/acl
Request body
Topic name or pattern (use * for all topics)
Permission level: read, write, readwrite, or admin
Request example
curl -X POST "https://api.aiven.io/v1/project/my-project/service/kafka-prod/acl" \
-H "Authorization: aivenv1 YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"username": "app_user",
"topic": "events.*",
"permission": "readwrite"
}'
List Kafka ACLs
GET /v1/project/{project}/service/{service_name}/acl
curl -X GET "https://api.aiven.io/v1/project/my-project/service/kafka-prod/acl" \
-H "Authorization: aivenv1 YOUR_TOKEN"
