Invalidate API keys

DELETE /_security/api_key

Invalidates one or more API keys. The manage_api_key privilege allows deleting any API keys. The manage_own_api_key only allows deleting API keys that are owned by the user. In addition, with the manage_own_api_key privilege, an invalidation request must be issued in one of the three formats:

Set the parameter owner=true.
Or, set both username and realm_name to match the user’s identity.
Or, if the request is issued by an API key, i.e. an API key invalidates itself, specify its ID in the ids field.

application/json

Body Required

id string
ids array[string]

A list of API key ids. This parameter cannot be used with any of name, realm_name, or username.
name string
owner boolean

Can be used to query API keys owned by the currently authenticated user. The realm_name or username parameters cannot be specified when this parameter is set to true as they are assumed to be the currently authenticated ones.
realm_name string

The name of an authentication realm. This parameter cannot be used with either ids or name, or when owner flag is set to true.
username string

Responses

200 application/json
Hide response attributes Show response attributes object
- error_count number Required
- error_details array[object]
  
  Hide error_details attributes Show error_details attributes object
  
  type string Required
  
  The type of error
  
  reason string
  
  A human-readable explanation of the error, in english
  
  stack_trace string
  
  The server stack trace. Present only if the error_trace=true parameter was sent with the request.
  
  caused_by object
  
  root_cause array[object]
  
  suppressed array[object]
- invalidated_api_keys array[string] Required
- previously_invalidated_api_keys array[string] Required

DELETE /_security/api_key

curl \
 -X DELETE http://api.example.com/_security/api_key \
 -H "Content-Type: application/json" \
 -d '{"id":"string","ids":["string"],"name":"string","owner":true,"realm_name":"string","username":"string"}'