Query parameters

• id string

  An API key id. This parameter cannot be used with any of name, realm_name or username.

• name string

  An API key name. This parameter cannot be used with any of id, realm_name or username. It supports prefix search with wildcard.

• owner boolean

  A boolean flag that can be used to query API keys owned by the currently authenticated user. The realm_name or username parameters cannot be specified when this parameter is set to true as they are assumed to be the currently authenticated ones.

• realm_name string

  The name of an authentication realm. This parameter cannot be used with either id or name or when owner flag is set to true.

• username string

  The username of a user. This parameter cannot be used with either id or name or when owner flag is set to true.

• with_limited_by boolean

  Return the snapshot of the owner user's role descriptors associated with the API key. An API key's actual permission is the intersection of its assigned role descriptors and the owner user's role descriptors.

• active_only boolean

  A boolean flag that can be used to query API keys that are currently active. An API key is considered active if it is neither invalidated, nor expired at query time. You can specify this together with other parameters such as owner or name. If active_only is false, the response will include both active and inactive (expired or invalidated) keys.

• with_profile_uid boolean

  Determines whether to also retrieve the profile uid, for the API key owner principal, if it exists.

Responses

• 200 application/json
  Hide response attribute Show response attribute object

  • api_keys array[object] Required
    Hide api_keys attributes Show api_keys attributes object

    • creation number

      Creation time for the API key in milliseconds.

    • expiration number

      Expiration time for the API key in milliseconds.

    • id string Required
    • invalidated boolean

      Invalidation status for the API key. If the key has been invalidated, it has a value of true. Otherwise, it is false.

    • name string Required
    • realm string

      Realm name of the principal for which this API key was created.

    • realm_type string

      Realm type of the principal for which this API key was created

    • username string
    • profile_uid string

      The profile uid for the API key owner principal, if requested and if it exists

    • metadata object
      Hide metadata attributes Show metadata attributes object

      • Additional properties
      • key object
    • role_descriptors object
      Hide role_descriptors attributes Show role_descriptors attributes object

      • Additional properties
      • cluster array[string]

        A list of cluster privileges. These privileges define the cluster level actions that API keys are able to execute.

      • indices array[object]

        A list of indices permissions entries.
      • applications array[object]

        A list of application privilege entries
      • metadata object
        Hide metadata attributes Show metadata attributes object

        • Additional properties
        • key object
      • run_as array[string]

        A list of users that the API keys can impersonate. Note: in Serverless, the run-as feature is disabled. For API compatibility, you can still specify an empty run_as field, but a non-empty list will be rejected.

      • description string

        Optional description of the role descriptor

      • transient_metadata object
        Hide transient_metadata attributes Show transient_metadata attributes object

        • Additional properties
        • key object
    • limited_by array[object]

      The owner user’s permissions associated with the API key. It is a point-in-time snapshot captured at creation and subsequent updates. An API key’s effective permissions are an intersection of its assigned privileges and the owner user’s permissions.

      Hide limited_by attributes Show limited_by attributes object

      • Additional properties
      • cluster array[string]

        A list of cluster privileges. These privileges define the cluster level actions that API keys are able to execute.

      • indices array[object]

        A list of indices permissions entries.

      • applications array[object]

        A list of application privilege entries

      • metadata object
      • run_as array[string]

        A list of users that the API keys can impersonate. Note: in Serverless, the run-as feature is disabled. For API compatibility, you can still specify an empty run_as field, but a non-empty list will be rejected.

      • description string

        Optional description of the role descriptor

      • transient_metadata object
    • _sort array[number | string | boolean | null | object]

      A field value.

      One of:

      _types:FieldValue number _types:FieldValue number _types:FieldValue string _types:FieldValue boolean _types:FieldValue string | null _types:FieldValue object