Create API key

POST /users/auth/keys

Creates a new API key.

Body Required

The request payload that creates the API keys.

  • description string Required

    API key description. Useful if there are multiple keys

  • expiration string

    The optional expiration for the API key, provided as a duration (ex: '1d', '3h')

  • role_assignments object

    The roles that will be assigned to users once they accept the invitation. Currently unavailable in self-hosted ECE.

    Hide role_assignments attributes Show role_assignments attributes object
    • platform array[object]

      Assignments for roles with platform scope.

      Hide platform attribute Show platform attribute object

      Assignment for a role with platform scope.

      • role_id string Required

        The ID of the role that is assigned.

    • organization array[object]

      Assignments for roles with organization scope.

      Hide organization attributes Show organization attributes object

      Assignment for a role with organization scope.

      • role_id string Required

        The ID of the role that is assigned.

      • organization_id string Required

        The ID of the organization the role is scoped to.

    • deployment array[object]

      Assignments for roles with deployment scope.

      Hide deployment attributes Show deployment attributes object

      Assignment for a role with deployment scope.

      • role_id string Required

        The ID of the role that is assigned.

      • organization_id string Required

        The ID of the organization the role is scoped to.

      • all boolean

        When true, the role applies to all deployments in the organization, otherwise the role is scoped to the deployments specified in deployment_ids.

      • deployment_ids array[string]

        The IDs of the deployments the role is scoped to. Must be absent if all is true, and present if all is false.

      • application_roles array[string]

        If provided, the user assigned this role assignment will be granted this application role when signing in to the deployment(s) specified in the role assignment.

    • project object

      Assignments for roles with project scope.

      Hide project attributes Show project attributes object
      • elasticsearch array[object]

        The Elasticsearch project-scoped role assignments to set

        Hide elasticsearch attributes Show elasticsearch attributes object

        Assignment for a role with project scope.

        • role_id string Required

          The ID of the role that is assigned.

        • organization_id string Required

          The ID of the organization the role is scoped to.

        • all boolean

          When true, the role applies to all projects in the organization, otherwise the role is scoped to the projects specified in project_ids.

        • project_ids array[string]

          The IDs of the projects the role is scoped to. Must be absent if all is true, and present if all is false.

        • application_roles array[string]

          If provided, the user assigned this role assignment will be granted this application role when signing in to the project(s) specified in the role assignment.

      • observability array[object]

        The Observability project-scoped role assignments to set

        Hide observability attributes Show observability attributes object

        Assignment for a role with project scope.

        • role_id string Required

          The ID of the role that is assigned.

        • organization_id string Required

          The ID of the organization the role is scoped to.

        • all boolean

          When true, the role applies to all projects in the organization, otherwise the role is scoped to the projects specified in project_ids.

        • project_ids array[string]

          The IDs of the projects the role is scoped to. Must be absent if all is true, and present if all is false.

        • application_roles array[string]

          If provided, the user assigned this role assignment will be granted this application role when signing in to the project(s) specified in the role assignment.

      • security array[object]

        The Security project-scoped role assignments to set

        Hide security attributes Show security attributes object

        Assignment for a role with project scope.

        • role_id string Required

          The ID of the role that is assigned.

        • organization_id string Required

          The ID of the organization the role is scoped to.

        • all boolean

          When true, the role applies to all projects in the organization, otherwise the role is scoped to the projects specified in project_ids.

        • project_ids array[string]

          The IDs of the projects the role is scoped to. Must be absent if all is true, and present if all is false.

        • application_roles array[string]

          If provided, the user assigned this role assignment will be granted this application role when signing in to the project(s) specified in the role assignment.

Responses

  • 201

    The API key is created and returned in the body of the response.

    Hide response attributes Show response attributes object

    The response model for an API key.

    • id string Required

      The API key ID.

    • user_id string

      The user ID.

    • organization_id string

      The organization ID linked to the API key

    • description string Required

      The API key description. TIP: Useful when you have multiple API keys.

    • key string

      The API key. TIP: Since the API key is returned only once, save it in a safe place.

    • creation_date string(date-time) Required

      The date/time for when the API key is created.

    • expiration_date string(date-time)

      The date/time when the API key expires.

    • role_assignments object

      The roles that will be assigned to users once they accept the invitation. Currently unavailable in self-hosted ECE.

      Hide role_assignments attributes Show role_assignments attributes object
      • platform array[object]

        Assignments for roles with platform scope.

        Hide platform attribute Show platform attribute object

        Assignment for a role with platform scope.

        • role_id string Required

          The ID of the role that is assigned.

      • organization array[object]

        Assignments for roles with organization scope.

        Hide organization attributes Show organization attributes object

        Assignment for a role with organization scope.

        • role_id string Required

          The ID of the role that is assigned.

        • organization_id string Required

          The ID of the organization the role is scoped to.

      • deployment array[object]

        Assignments for roles with deployment scope.

        Hide deployment attributes Show deployment attributes object

        Assignment for a role with deployment scope.

        • role_id string Required

          The ID of the role that is assigned.

        • organization_id string Required

          The ID of the organization the role is scoped to.

        • all boolean

          When true, the role applies to all deployments in the organization, otherwise the role is scoped to the deployments specified in deployment_ids.

        • deployment_ids array[string]

          The IDs of the deployments the role is scoped to. Must be absent if all is true, and present if all is false.

        • application_roles array[string]

          If provided, the user assigned this role assignment will be granted this application role when signing in to the deployment(s) specified in the role assignment.

      • project object

        Assignments for roles with project scope.

        Hide project attributes Show project attributes object
        • elasticsearch array[object]

          The Elasticsearch project-scoped role assignments to set

          Hide elasticsearch attributes Show elasticsearch attributes object

          Assignment for a role with project scope.

          • role_id string Required

            The ID of the role that is assigned.

          • organization_id string Required

            The ID of the organization the role is scoped to.

          • all boolean

            When true, the role applies to all projects in the organization, otherwise the role is scoped to the projects specified in project_ids.

          • project_ids array[string]

            The IDs of the projects the role is scoped to. Must be absent if all is true, and present if all is false.

          • application_roles array[string]

            If provided, the user assigned this role assignment will be granted this application role when signing in to the project(s) specified in the role assignment.

        • observability array[object]

          The Observability project-scoped role assignments to set

          Hide observability attributes Show observability attributes object

          Assignment for a role with project scope.

          • role_id string Required

            The ID of the role that is assigned.

          • organization_id string Required

            The ID of the organization the role is scoped to.

          • all boolean

            When true, the role applies to all projects in the organization, otherwise the role is scoped to the projects specified in project_ids.

          • project_ids array[string]

            The IDs of the projects the role is scoped to. Must be absent if all is true, and present if all is false.

          • application_roles array[string]

            If provided, the user assigned this role assignment will be granted this application role when signing in to the project(s) specified in the role assignment.

        • security array[object]

          The Security project-scoped role assignments to set

          Hide security attributes Show security attributes object

          Assignment for a role with project scope.

          • role_id string Required

            The ID of the role that is assigned.

          • organization_id string Required

            The ID of the organization the role is scoped to.

          • all boolean

            When true, the role applies to all projects in the organization, otherwise the role is scoped to the projects specified in project_ids.

          • project_ids array[string]

            The IDs of the projects the role is scoped to. Must be absent if all is true, and present if all is false.

          • application_roles array[string]

            If provided, the user assigned this role assignment will be granted this application role when signing in to the project(s) specified in the role assignment.
  • 400

    The request is invalid. Specify a different request, then try again. (code: api_keys.invalid_input)

    Hide headers attribute Show headers attribute
    • x-cloud-error-codes string

      The error codes associated with the response

      Value is api_keys.invalid_input.

    Hide response attribute Show response attribute object
    • errors array[object] Required

      A list of errors that occurred in the failing request

      Hide errors attributes Show errors attributes object
      • code string Required

        A structured code representing the error type that occurred

      • message string Required

        A human readable message describing the error that occurred

      • fields array[string]

        If the error can be tied to a specific field or fields in the user request, this lists those fields
POST /users/auth/keys 
curl \
 -X POST https://api.elastic-cloud.com/api/v1/users/auth/keys \
 -d '{"description":"string","expiration":"string","role_assignments":{"platform":[{"role_id":"string"}],"organization":[{"role_id":"string","organization_id":"string"}],"deployment":[{"role_id":"string","organization_id":"string","all":true,"deployment_ids":["string"],"application_roles":["string"]}],"project":{"elasticsearch":[{"role_id":"string","organization_id":"string","all":true,"project_ids":["string"],"application_roles":["string"]}],"observability":[{"role_id":"string","organization_id":"string","all":true,"project_ids":["string"],"application_roles":["string"]}],"security":[{"role_id":"string","organization_id":"string","all":true,"project_ids":["string"],"application_roles":["string"]}]}}}'
Request examples 
{
  "description": "string",
  "expiration": "string",
  "role_assignments": {
    "platform": [
      {
        "role_id": "string"
      }
    ],
    "organization": [
      {
        "role_id": "string",
        "organization_id": "string"
      }
    ],
    "deployment": [
      {
        "role_id": "string",
        "organization_id": "string",
        "all": true,
        "deployment_ids": [
          "string"
        ],
        "application_roles": [
          "string"
        ]
      }
    ],
    "project": {
      "elasticsearch": [
        {
          "role_id": "string",
          "organization_id": "string",
          "all": true,
          "project_ids": [
            "string"
          ],
          "application_roles": [
            "string"
          ]
        }
      ],
      "observability": [
        {
          "role_id": "string",
          "organization_id": "string",
          "all": true,
          "project_ids": [
            "string"
          ],
          "application_roles": [
            "string"
          ]
        }
      ],
      "security": [
        {
          "role_id": "string",
          "organization_id": "string",
          "all": true,
          "project_ids": [
            "string"
          ],
          "application_roles": [
            "string"
          ]
        }
      ]
    }
  }
}
Response examples (201) 
{
  "id": "string",
  "user_id": "string",
  "organization_id": "string",
  "description": "string",
  "key": "string",
  "creation_date": "2024-05-04T09:42:00+00:00",
  "expiration_date": "2024-05-04T09:42:00+00:00",
  "role_assignments": {
    "platform": [
      {
        "role_id": "string"
      }
    ],
    "organization": [
      {
        "role_id": "string",
        "organization_id": "string"
      }
    ],
    "deployment": [
      {
        "role_id": "string",
        "organization_id": "string",
        "all": true,
        "deployment_ids": [
          "string"
        ],
        "application_roles": [
          "string"
        ]
      }
    ],
    "project": {
      "elasticsearch": [
        {
          "role_id": "string",
          "organization_id": "string",
          "all": true,
          "project_ids": [
            "string"
          ],
          "application_roles": [
            "string"
          ]
        }
      ],
      "observability": [
        {
          "role_id": "string",
          "organization_id": "string",
          "all": true,
          "project_ids": [
            "string"
          ],
          "application_roles": [
            "string"
          ]
        }
      ],
      "security": [
        {
          "role_id": "string",
          "organization_id": "string",
          "all": true,
          "project_ids": [
            "string"
          ],
          "application_roles": [
            "string"
          ]
        }
      ]
    }
  }
}
Response examples (400) 
# Headers
x-cloud-error-codes: api_keys.invalid_input

# Payload
{
  "errors": [
    {
      "code": "string",
      "message": "string",
      "fields": [
        "string"
      ]
    }
  ]
}