Update an API key
Updates attributes of an existing API key.
Users can only update API keys that they created or that were granted to them.
Use this API to update API keys created by the create API Key or grant API Key APIs.
If you need to apply the same update to many API keys, you can use bulk update API Keys to reduce overhead.
It’s not possible to update expired API keys, or API keys that have been invalidated by invalidate API Key.
This API supports updates to an API key’s access scope and metadata.
The access scope of an API key is derived from the role_descriptors
you specify in the request, and a snapshot of the owner user’s permissions at the time of the request.
The snapshot of the owner’s permissions is updated automatically on every call.
If you don’t specify role_descriptors
in the request, a call to this API might still change the API key’s access scope.
This change can occur if the owner user’s permissions have changed since the API key was created or last modified.
To update another user’s API key, use the run_as
feature to submit a request on behalf of another user.
IMPORTANT: It’s not possible to use an API key as the authentication credential for this API.
To update an API key, the owner user’s credentials are required.
Path parameters
-
The ID of the API key to update.
Body
-
role_descriptors object
-
metadata object
-
expiration string
A duration. Units can be
nanos
,micros
,ms
(milliseconds),s
(seconds),m
(minutes),h
(hours) andd
(days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
curl \
-X PUT http://api.example.com/_security/api_key/{id} \
-H "Content-Type: application/json" \
-d '{"role_descriptors":{"cluster":["string"],"indices":[{"field_security":{"except":"string","grant":"string"},"names":"string","privileges":["string"],"":"string"}],"applications":[{"application":"string","privileges":["string"],"resources":["string"]}],"metadata":{"key":{}},"run_as":["string"],"description":"string","transient_metadata":{"key":{}}},"metadata":{"key":{}},"expiration":"string"}'