Authenticate a user
Authenticates a user and returns information about the authenticated user. Include the user information in a basic auth header. A successful call returns a JSON structure that shows user information such as their username, the roles that are assigned to the user, any assigned metadata, and information about the realms that authenticated and authorized the user. If the user cannot be authenticated, this API returns a 401 status code.
Responses
-
200 application/json
Hide response attributes Show response attributes object
-
api_key object
Hide api_key attributes Show api_key attributes object
-
creation number
Creation time for the API key in milliseconds.
-
expiration number
Expiration time for the API key in milliseconds.
-
invalidated boolean
Invalidation status for the API key. If the key has been invalidated, it has a value of
true
. Otherwise, it isfalse
. -
realm string
Realm name of the principal for which this API key was created.
-
realm_type string
Realm type of the principal for which this API key was created
-
username string
-
profile_uid string
The profile uid for the API key owner principal, if requested and if it exists
-
metadata object
Hide metadata attributes Show metadata attributes object
-
key object
-
role_descriptors object
Hide role_descriptors attributes Show role_descriptors attributes object
-
cluster array[string]
A list of cluster privileges. These privileges define the cluster level actions that API keys are able to execute.
-
indices array[object]
A list of indices permissions entries.
Hide indices attributes Show indices attributes object
-
field_security object
-
The index level privileges that owners of the role have on the specified indices.
-
-
applications array[object]
A list of application privilege entries
Hide applications attributes Show applications attributes object
-
The name of the application to which this entry applies.
-
A list of strings, where each element is the name of an application privilege or action.
-
A list resources to which the privileges are applied.
-
-
metadata object
Hide metadata attributes Show metadata attributes object
-
key object
-
run_as array[string]
A list of users that the API keys can impersonate. Note: in Serverless, the run-as feature is disabled. For API compatibility, you can still specify an empty
run_as
field, but a non-empty list will be rejected. -
description string
Optional description of the role descriptor
-
transient_metadata object
Hide transient_metadata attributes Show transient_metadata attributes object
-
key object
-
limited_by array[object]
The owner user’s permissions associated with the API key. It is a point-in-time snapshot captured at creation and subsequent updates. An API key’s effective permissions are an intersection of its assigned privileges and the owner user’s permissions.
Hide limited_by attributes Show limited_by attributes object
-
cluster array[string]
A list of cluster privileges. These privileges define the cluster level actions that API keys are able to execute.
-
indices array[object]
A list of indices permissions entries.
-
applications array[object]
A list of application privilege entries
-
metadata object
Hide metadata attributes Show metadata attributes object
-
key object
-
run_as array[string]
A list of users that the API keys can impersonate. Note: in Serverless, the run-as feature is disabled. For API compatibility, you can still specify an empty
run_as
field, but a non-empty list will be rejected. -
description string
Optional description of the role descriptor
-
transient_metadata object
Hide transient_metadata attributes Show transient_metadata attributes object
-
key object
-
_sort array[number | string | boolean | null | object]
-
email string | null
full_name string | null
-
Hide metadata attributes Show metadata attributes object
-
key object
-
token object
-
curl \
-X GET http://api.example.com/_security/_authenticate