Authenticate a user Added in 5.5.0

GET /_security/_authenticate

Authenticates a user and returns information about the authenticated user. Include the user information in a basic auth header. A successful call returns a JSON structure that shows user information such as their username, the roles that are assigned to the user, any assigned metadata, and information about the realms that authenticated and authorized the user. If the user cannot be authenticated, this API returns a 401 status code.

Responses

  • 200 application/json
    Hide response attributes Show response attributes object
    • api_key object

      Additional properties are allowed.

      Hide api_key attributes Show api_key attributes object
      • creation number

        Creation time for the API key in milliseconds.

      • expiration number

        Expiration time for the API key in milliseconds.

      • id string Required
      • invalidated boolean

        Invalidation status for the API key. If the key has been invalidated, it has a value of true. Otherwise, it is false.

      • name string Required
      • realm string

        Realm name of the principal for which this API key was created.

      • realm_type string

        Realm type of the principal for which this API key was created

      • username string
      • profile_uid string

        The profile uid for the API key owner principal, if requested and if it exists

      • metadata object
        Hide metadata attribute Show metadata attribute object
        • * object Additional properties

          Additional properties are allowed.

      • role_descriptors object

        The role descriptors assigned to this API key when it was created or last updated. An empty role descriptor means the API key inherits the owner user’s permissions.

        Hide role_descriptors attribute Show role_descriptors attribute object
        • * object Additional properties

          Additional properties are allowed.

          Hide * attributes Show * attributes object
          • cluster array[string]

            A list of cluster privileges. These privileges define the cluster level actions that API keys are able to execute.

          • indices array[object]

            A list of indices permissions entries.

            Hide indices attributes Show indices attributes object
          • applications array[object]

            A list of application privilege entries

            Hide applications attributes Show applications attributes object
            • application string Required

              The name of the application to which this entry applies.

            • privileges array[string] Required

              A list of strings, where each element is the name of an application privilege or action.

            • resources array[string] Required

              A list resources to which the privileges are applied.

          • metadata object
            Hide metadata attribute Show metadata attribute object
            • * object Additional properties

              Additional properties are allowed.

          • run_as array[string]

            A list of users that the API keys can impersonate. Note: in Serverless, the run-as feature is disabled. For API compatibility, you can still specify an empty run_as field, but a non-empty list will be rejected.

          • description string

            Optional description of the role descriptor

          • restriction object

            Additional properties are allowed.

            Hide restriction attribute Show restriction attribute object
          • transient_metadata object
            Hide transient_metadata attribute Show transient_metadata attribute object
            • * object Additional properties

              Additional properties are allowed.

      • limited_by array[object]

        The owner user’s permissions associated with the API key. It is a point-in-time snapshot captured at creation and subsequent updates. An API key’s effective permissions are an intersection of its assigned privileges and the owner user’s permissions.

        Hide limited_by attribute Show limited_by attribute object
        • * object Additional properties

          Additional properties are allowed.

          Hide * attributes Show * attributes object
          • cluster array[string]

            A list of cluster privileges. These privileges define the cluster level actions that API keys are able to execute.

          • indices array[object]

            A list of indices permissions entries.

            Additional properties are allowed.

          • applications array[object]

            A list of application privilege entries

            Additional properties are allowed.

          • metadata object
            Hide metadata attribute Show metadata attribute object
            • * object Additional properties

              Additional properties are allowed.

          • run_as array[string]

            A list of users that the API keys can impersonate. Note: in Serverless, the run-as feature is disabled. For API compatibility, you can still specify an empty run_as field, but a non-empty list will be rejected.

          • description string

            Optional description of the role descriptor

          • restriction object

            Additional properties are allowed.

            Hide restriction attribute Show restriction attribute object
          • transient_metadata object
            Hide transient_metadata attribute Show transient_metadata attribute object
            • * object Additional properties

              Additional properties are allowed.

      • _sort array[number | string | boolean | null | object]

        A field value.

        One of:
        _types:FieldValue number _types:FieldValue number _types:FieldValue string _types:FieldValue boolean _types:FieldValue string | null _types:FieldValue object

        Additional properties are allowed.

    • authentication_realm object Required

      Additional properties are allowed.

      Hide authentication_realm attributes Show authentication_realm attributes object

    • email string | null

      One of:
      string-1 string string-2 string | null

    • full_name string | null

      One of:
      _types:Name string string-2 string | null
    • lookup_realm object Required

      Additional properties are allowed.

      Hide lookup_realm attributes Show lookup_realm attributes object
    • metadata object Required
      Hide metadata attribute Show metadata attribute object
      • * object Additional properties

        Additional properties are allowed.

    • roles array[string] Required
    • username string Required
    • enabled boolean Required
    • authentication_type string Required
    • token object

      Additional properties are allowed.

      Hide token attributes Show token attributes object
GET /_security/_authenticate 
curl \
 -X GET http://api.example.com/_security/_authenticate