Articles

Fix Grafana "Service Account Not Found" API Errors (2026)

April 18, 2026 4 min read

Grafana’s API is refusing requests because it can’t find the service account you’re trying to use. This usually means the service account doesn’t exist, is misconfigured, or the API request itself is malformed.

Common Causes and Fixes

1. Service Account Does Not Exist

  • Diagnosis: Check if the service account actually exists in Grafana.
    curl -u admin:admin_password 'http://localhost:3000/api/serviceaccounts'
    (Replace admin:admin_password and http://localhost:3000 with your Grafana credentials and URL.)
  • Fix: If it’s missing, create it.
    curl -X POST -u admin:admin_password \
  -H 'Content-Type: application/json' \
  -d '{"name": "my-service-account", "role": "Viewer"}' \
  'http://localhost:3000/api/serviceaccounts'
    This command creates a new service account named my-service-account with the Viewer role. The API creates a new service account identity that Grafana can then use for authentication.
  • Why it works: Grafana’s API requires a valid, existing service account ID or name to process requests. If it’s not in the database, it can’t be found.

2. Incorrect Service Account ID or Name in API Request

  • Diagnosis: Verify the serviceAccountId or name you’re using in your API call matches exactly what’s registered in Grafana. Case sensitivity matters.
  • Fix: Update your API request to use the correct identifier. For example, if you’re using the ID:
    # Example API call using service account ID
curl -X GET 'http://localhost:3000/api/serviceaccounts/12345'
    If you’re using the name (less common for direct lookups, more for creation/listing):
    # Example API call listing service accounts by name filter
curl -u admin:admin_password 'http://localhost:3000/api/serviceaccounts?name=my-service-account'
    Ensure the ID 12345 or the name my-service-account is precisely what you see in Grafana’s UI or via the /api/serviceaccounts endpoint.
  • Why it works: The API endpoint is designed to look up a specific resource. Providing an incorrect identifier means Grafana searches for something that doesn’t exist, leading to a "not found" error.

3. Service Account Token Mismatch or Expiration

  • Diagnosis: While the error is "Service Account Not Found," sometimes a malformed or expired token can manifest this way if the token’s associated service account is no longer valid or if the token itself isn’t correctly linked. Check the token’s expiration and validity.
  • Fix: Generate a new token for the service account. Navigate to Grafana -> Server Admin -> Service Accounts -> [Your Service Account] -> Tokens and click "Create token". Use this new token in your API request, typically in the Authorization header:
    curl -H 'Authorization: Bearer YOUR_NEW_SERVICE_ACCOUNT_TOKEN' 'http://localhost:3000/api/dashboards/uid/YOUR_DASHBOARD_UID'
    This replaces the old token with a fresh, valid one, ensuring the API can authenticate and authorize the request using the service account.
  • Why it works: Service account tokens are credentials. If they are invalid, expired, or revoked, the API cannot establish a valid session with the service account, even if the account itself exists.

4. Incorrect Role or Permissions for the API Endpoint

  • Diagnosis: The service account might exist, but it doesn’t have the necessary permissions to access the specific API endpoint you’re hitting. This can sometimes be reported as "not found" if the authorization layer checks for existence and permissions in a combined step.
  • Fix: Grant the service account the required role. For example, to allow a service account to read dashboards, it needs at least the Viewer role. If it needs to modify dashboards, it would need Editor or Admin.
    # Example: Update service account role to Editor
curl -X PUT -u admin:admin_password \
  -H 'Content-Type: application/json' \
  -d '{"role": "Editor"}' \
  'http://localhost:3000/api/serviceaccounts/12345'
    This command updates the service account with ID 12345 to have the Editor role, allowing it to perform actions requiring higher privileges.
  • Why it works: Grafana enforces role-based access control (RBAC) at the API level. If the service account’s role doesn’t permit the requested action, the API might deny access, sometimes with a generic "not found" if the check is broad.

5. Grafana Internal Cache Issues

  • Diagnosis: Occasionally, Grafana’s internal caches might become stale, leading it to believe a service account doesn’t exist when it actually does.
  • Fix: Restart the Grafana server.
    sudo systemctl restart grafana-server
    This clears the in-memory caches and forces Grafana to re-read its configuration and database, including service account information.
  • Why it works: A server restart provides a clean slate, ensuring that all internal data structures are up-to-date and reflecting the current state of service accounts in the database.

6. Service Account Deleted After Token Generation

  • Diagnosis: If a service account was deleted from Grafana, any tokens previously generated for it become invalid. Subsequent API calls using such a token will fail, potentially with a "not found" error for the service account.
  • Fix: Recreate the service account and generate a new token. Follow steps from "Service Account Does Not Exist" and "Service Account Token Mismatch or Expiration."
  • Why it works: Once a service account is deleted, its associated records and permissions are removed from Grafana’s system. Any attempts to use its credentials will fail because the principal identity no longer exists.

The next error you’ll likely encounter after fixing this is a 403 Forbidden if the service account exists but lacks the necessary permissions for the specific API endpoint you are calling.

Want structured learning?

Take the full Grafana course →