Invalidate API keys
Invalidates one or more API keys.
The manage_api_key privilege allows deleting any API keys.
The manage_own_api_key privilege only allows deleting API keys that are owned by the user.
In addition, with the manage_own_api_key privilege, an invalidation request must be issued in one of the three formats:
- Set the parameter owner=true.
- Or, set both username and realm_name to match the user's identity.
- Or, if the request is issued by an API key, i.e. an API key invalidates itself, specify its ID in the ids field.
Body Required
- id string
- ids array[string]
  A list of API key ids. This parameter cannot be used with any of name, realm_name, or username.
- name string
- owner boolean
  Can be used to query API keys owned by the currently authenticated user. The realm_name or username parameters cannot be specified when this parameter is set to true as they are assumed to be the currently authenticated ones.
- realm_name string
  The name of an authentication realm. This parameter cannot be used with either ids or name, or when owner flag is set to true.
- username string
DELETE /_security/api_key
curl \
-X DELETE http://api.example.com/_security/api_key \
-H "Content-Type: application/json" \
-d '{"id":"string","ids":["string"],"name":"string","owner":true,"realm_name":"string","username":"string"}'
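
The parameter rules above can be checked before a request is sent, for example in a key-rotation or offboarding script. The following is an added example, not code from the original page or from Elasticsearch. The function names, the user "alice" and the realm "native1" are hypothetical, and it assumes that "an API key invalidates itself" means ids holds exactly that key's ID.

```python
# Added example: pre-flight checks for DELETE /_security/api_key request bodies.
# The rules come from the parameter descriptions on this page; the function
# names are hypothetical and not part of any Elasticsearch client.

def validate_body(body):
    """Return a list of rule violations; an empty list means no rule is broken."""
    def has(key):
        return body.get(key) not in (None, "", [])

    errors = []
    # ids cannot be used with any of name, realm_name, or username.
    if has("ids"):
        for other in ("name", "realm_name", "username"):
            if has(other):
                errors.append(f"ids cannot be used with {other}")
    # realm_name and username cannot be specified when owner is true.
    if body.get("owner") is True:
        for other in ("realm_name", "username"):
            if has(other):
                errors.append(f"{other} cannot be set when owner is true")
    # realm_name cannot be used with name (ids and owner are covered above).
    if has("realm_name") and has("name"):
        errors.append("realm_name cannot be used with name")
    return errors


def own_key_request_ok(body, username, realm_name, caller_key_id=None):
    """True if body matches one of the three formats that a caller holding
    only manage_own_api_key must use."""
    if validate_body(body):
        return False
    # Format 1: owner=true.
    if body.get("owner") is True:
        return True
    # Format 2: username and realm_name both match the caller's identity.
    if body.get("username") == username and body.get("realm_name") == realm_name:
        return True
    # Format 3 (assumption): the calling API key lists exactly its own ID in ids.
    return caller_key_id is not None and body.get("ids") == [caller_key_id]


if __name__ == "__main__":
    # Constructed sample bodies; "alice", "native1" and "k1" are made up.
    for sample in ({"owner": True},
                   {"ids": ["k1"], "username": "alice"},
                   {"username": "alice", "realm_name": "native1"}):
        print(sample, validate_body(sample),
              own_key_request_ok(sample, "alice", "native1"))
```
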