Create API key

POST /users/auth/keys

Creates a new API key.

Body Required

The request to create the API key

description string Required

API key description. Useful if there are multiple keys
expiration string

The optional expiration for the API key, provided as a duration (ex: '1d', '3h')
role_assignments object

The roles that will be assigned to users once they accept the invitation. Currently unavailable in self-hosted ECE.

Additional properties are allowed.
Hide role_assignments attributes Show role_assignments attributes object
- platform array[object]
  
  Assignments for roles with platform scope.
  Hide platform attribute Show platform attribute object
  
  role_id string Required
  
  The ID of the role that is assigned.
- organization array[object]
  
  Assignments for roles with organization scope.
  Hide organization attributes Show organization attributes object
  
  role_id string Required
  
  The ID of the role that is assigned.
  
  organization_id string Required
  
  The ID of the organization the role is scoped to.
- deployment array[object]
  
  Assignments for roles with deployment scope.
  Hide deployment attributes Show deployment attributes object
  
  role_id string Required
  
  The ID of the role that is assigned.
  
  organization_id string Required
  
  The ID of the organization the role is scoped to.
  
  all boolean
  
  When true, the role applies to all deployments in the organization, otherwise the role is scoped to the deployments specified in deployment_ids.
  
  deployment_ids array[string]
  
  The IDs of the deployments the role is scoped to. Must be absent if all is true, and present if all is false.
  
  application_roles array[string]
  
  If provided, the user assigned this role assignment will be granted this application role when signing in to the deployment(s) specified in the role assignment.
- project object
  
  Assignments for roles with project scope.
  
  Additional properties are allowed.
  Hide project attributes Show project attributes object
  
  elasticsearch array[object]
  
  The Elasticsearch project-scoped role assignments to set
  
  Hide elasticsearch attributes Show elasticsearch attributes object
  
  role_id string Required
  
  The ID of the role that is assigned.
  
  organization_id string Required
  
  The ID of the organization the role is scoped to.
  
  all boolean
  
  When true, the role applies to all projects in the organization, otherwise the role is scoped to the projects specified in project_ids.
  
  project_ids array[string]
  
  The IDs of the projects the role is scoped to. Must be absent if all is true, and present if all is false.
  
  application_roles array[string]
  
  If provided, the user assigned this role assignment will be granted this application role when signing in to the project(s) specified in the role assignment.
  
  observability array[object]
  
  The Observability project-scoped role assignments to set
  
  Hide observability attributes Show observability attributes object
  
  role_id string Required
  
  The ID of the role that is assigned.
  
  organization_id string Required
  
  The ID of the organization the role is scoped to.
  
  all boolean
  
  When true, the role applies to all projects in the organization, otherwise the role is scoped to the projects specified in project_ids.
  
  project_ids array[string]
  
  The IDs of the projects the role is scoped to. Must be absent if all is true, and present if all is false.
  
  application_roles array[string]
  
  If provided, the user assigned this role assignment will be granted this application role when signing in to the project(s) specified in the role assignment.
  
  security array[object]
  
  The Security project-scoped role assignments to set
  
  Hide security attributes Show security attributes object
  
  role_id string Required
  
  The ID of the role that is assigned.
  
  organization_id string Required
  
  The ID of the organization the role is scoped to.
  
  all boolean
  
  When true, the role applies to all projects in the organization, otherwise the role is scoped to the projects specified in project_ids.
  
  project_ids array[string]
  
  The IDs of the projects the role is scoped to. Must be absent if all is true, and present if all is false.
  
  application_roles array[string]
  
  If provided, the user assigned this role assignment will be granted this application role when signing in to the project(s) specified in the role assignment.

Responses

201

The API key is created and returned in the body of the response.
Hide response attributes Show response attributes object
- id string Required
  
  The API key ID.
- user_id string
  
  The user ID.
- organization_id string
  
  The organization ID linked to the API key
- description string Required
  
  The API key description. TIP: Useful when you have multiple API keys.
- key string
  
  The API key. TIP: Since the API key is returned only once, save it in a safe place.
- creation_date string(date-time) Required
  
  The date/time for when the API key is created.
- expiration_date string(date-time)
  
  The date/time when the API key expires.
- role_assignments object
  
  The roles that will be assigned to users once they accept the invitation. Currently unavailable in self-hosted ECE.
  
  Additional properties are allowed.
  
  Hide role_assignments attributes Show role_assignments attributes object
  
  platform array[object]
  
  Assignments for roles with platform scope.
  
  Hide platform attribute Show platform attribute object
  
  role_id string Required
  
  The ID of the role that is assigned.
  
  organization array[object]
  
  Assignments for roles with organization scope.
  
  Hide organization attributes Show organization attributes object
  
  role_id string Required
  
  The ID of the role that is assigned.
  
  organization_id string Required
  
  The ID of the organization the role is scoped to.
  
  deployment array[object]
  
  Assignments for roles with deployment scope.
  
  Hide deployment attributes Show deployment attributes object
  
  role_id string Required
  
  The ID of the role that is assigned.
  
  organization_id string Required
  
  The ID of the organization the role is scoped to.
  
  all boolean
  
  When true, the role applies to all deployments in the organization, otherwise the role is scoped to the deployments specified in deployment_ids.
  
  deployment_ids array[string]
  
  The IDs of the deployments the role is scoped to. Must be absent if all is true, and present if all is false.
  
  application_roles array[string]
  
  If provided, the user assigned this role assignment will be granted this application role when signing in to the deployment(s) specified in the role assignment.
  
  project object
  
  Assignments for roles with project scope.
  
  Additional properties are allowed.
  
  Hide project attributes Show project attributes object
  
  elasticsearch array[object]
  
  The Elasticsearch project-scoped role assignments to set
  
  Hide elasticsearch attributes Show elasticsearch attributes object
  
  role_id string Required
  
  The ID of the role that is assigned.
  
  organization_id string Required
  
  The ID of the organization the role is scoped to.
  
  all boolean
  
  When true, the role applies to all projects in the organization, otherwise the role is scoped to the projects specified in project_ids.
  
  project_ids array[string]
  
  The IDs of the projects the role is scoped to. Must be absent if all is true, and present if all is false.
  
  application_roles array[string]
  
  If provided, the user assigned this role assignment will be granted this application role when signing in to the project(s) specified in the role assignment.
  
  observability array[object]
  
  The Observability project-scoped role assignments to set
  
  Hide observability attributes Show observability attributes object
  
  role_id string Required
  
  The ID of the role that is assigned.
  
  organization_id string Required
  
  The ID of the organization the role is scoped to.
  
  all boolean
  
  When true, the role applies to all projects in the organization, otherwise the role is scoped to the projects specified in project_ids.
  
  project_ids array[string]
  
  The IDs of the projects the role is scoped to. Must be absent if all is true, and present if all is false.
  
  application_roles array[string]
  
  If provided, the user assigned this role assignment will be granted this application role when signing in to the project(s) specified in the role assignment.
  
  security array[object]
  
  The Security project-scoped role assignments to set
  
  Hide security attributes Show security attributes object
  
  role_id string Required
  
  The ID of the role that is assigned.
  
  organization_id string Required
  
  The ID of the organization the role is scoped to.
  
  all boolean
  
  When true, the role applies to all projects in the organization, otherwise the role is scoped to the projects specified in project_ids.
  
  project_ids array[string]
  
  The IDs of the projects the role is scoped to. Must be absent if all is true, and present if all is false.
  
  application_roles array[string]
  
  If provided, the user assigned this role assignment will be granted this application role when signing in to the project(s) specified in the role assignment.
400

The request is invalid. Specify a different request, then try again. (code: api_keys.invalid_input)
Hide headers attribute Show headers attribute
- x-cloud-error-codes string
  
  The error codes associated with the response
  
  Value is api_keys.invalid_input.
Hide response attribute Show response attribute object
- errors array[object] Required
  
  A list of errors that occurred in the failing request
  
  Hide errors attributes Show errors attributes object
  
  code string Required
  
  A structured code representing the error type that occurred
  
  message string Required
  
  A human readable message describing the error that occurred
  
  fields array[string]
  
  If the error can be tied to a specific field or fields in the user request, this lists those fields

POST /users/auth/keys

curl \
 -X POST https://api.elastic-cloud.com/api/v1/users/auth/keys \
 -d '{"description":"string","expiration":"string","role_assignments":{"platform":[{"role_id":"string"}],"organization":[{"role_id":"string","organization_id":"string"}],"deployment":[{"role_id":"string","organization_id":"string","all":true,"deployment_ids":["string"],"application_roles":["string"]}],"project":{"elasticsearch":[{"role_id":"string","organization_id":"string","all":true,"project_ids":["string"],"application_roles":["string"]}],"observability":[{"role_id":"string","organization_id":"string","all":true,"project_ids":["string"],"application_roles":["string"]}],"security":[{"role_id":"string","organization_id":"string","all":true,"project_ids":["string"],"application_roles":["string"]}]}}}'

Request examples

{
  "description": "string",
  "expiration": "string",
  "role_assignments": {
    "platform": [
      {
        "role_id": "string"
      }
    ],
    "organization": [
      {
        "role_id": "string",
        "organization_id": "string"
      }
    ],
    "deployment": [
      {
        "role_id": "string",
        "organization_id": "string",
        "all": true,
        "deployment_ids": [
          "string"
        ],
        "application_roles": [
          "string"
        ]
      }
    ],
    "project": {
      "elasticsearch": [
        {
          "role_id": "string",
          "organization_id": "string",
          "all": true,
          "project_ids": [
            "string"
          ],
          "application_roles": [
            "string"
          ]
        }
      ],
      "observability": [
        {
          "role_id": "string",
          "organization_id": "string",
          "all": true,
          "project_ids": [
            "string"
          ],
          "application_roles": [
            "string"
          ]
        }
      ],
      "security": [
        {
          "role_id": "string",
          "organization_id": "string",
          "all": true,
          "project_ids": [
            "string"
          ],
          "application_roles": [
            "string"
          ]
        }
      ]
    }
  }
}

Response examples (201)

{
  "id": "string",
  "user_id": "string",
  "organization_id": "string",
  "description": "string",
  "key": "string",
  "creation_date": "2024-05-04T09:42:00+00:00",
  "expiration_date": "2024-05-04T09:42:00+00:00",
  "role_assignments": {
    "platform": [
      {
        "role_id": "string"
      }
    ],
    "organization": [
      {
        "role_id": "string",
        "organization_id": "string"
      }
    ],
    "deployment": [
      {
        "role_id": "string",
        "organization_id": "string",
        "all": true,
        "deployment_ids": [
          "string"
        ],
        "application_roles": [
          "string"
        ]
      }
    ],
    "project": {
      "elasticsearch": [
        {
          "role_id": "string",
          "organization_id": "string",
          "all": true,
          "project_ids": [
            "string"
          ],
          "application_roles": [
            "string"
          ]
        }
      ],
      "observability": [
        {
          "role_id": "string",
          "organization_id": "string",
          "all": true,
          "project_ids": [
            "string"
          ],
          "application_roles": [
            "string"
          ]
        }
      ],
      "security": [
        {
          "role_id": "string",
          "organization_id": "string",
          "all": true,
          "project_ids": [
            "string"
          ],
          "application_roles": [
            "string"
          ]
        }
      ]
    }
  }
}

Response examples (400)

# Headers
x-cloud-error-codes: api_keys.invalid_input

# Payload
{
  "errors": [
    {
      "code": "string",
      "message": "string",
      "fields": [
        "string"
      ]
    }
  ]
}