Grant an API key Added in 7.9.0
Create an API key on behalf of another user. This API is similar to the create API keys API, however it creates the API key for a user that is different than the user that runs the API. The caller must have authentication credentials (either an access token, or a username and password) for the user on whose behalf the API key will be created. It is not possible to use this API to create an API key without that user’s credentials. The user, for whom the authentication credentials is provided, can optionally "run as" (impersonate) another user. In this case, the API key will be created on behalf of the impersonated user.
This API is intended be used by applications that need to create and manage API keys for end users, but cannot guarantee that those users have permission to create API keys on their own behalf.
A successful grant API key API call returns a JSON structure that contains the API key, its unique id, and its name. If applicable, it also returns expiration information for the API key in milliseconds.
By default, API keys never expire. You can specify expiration information when you create the API keys.
Body Required
-
Additional properties are allowed.
-
Values are
access_token
orpassword
. -
access_token string
The user’s access token. If you specify the
access_token
grant type, this parameter is required. It is not valid with other grant types. -
username string
-
password string
-
run_as string
curl \
-X POST http://api.example.com/_security/api_key/grant \
-H "Content-Type: application/json" \
-d '{"api_key":{"name":"string","expiration":"string","role_descriptors":{"additionalProperty1":{"cluster":["string"],"indices":[{"field_security":{},"names":["string"],"privileges":["string"],"allow_restricted_indices":true}],"global":[{}],"applications":[{"application":"string","privileges":["string"],"resources":["string"]}],"metadata":{"additionalProperty1":{},"additionalProperty2":{}},"run_as":["string"],"description":"string","transient_metadata":{"additionalProperty1":{},"additionalProperty2":{}}},"additionalProperty2":{"cluster":["string"],"indices":[{"field_security":{},"names":["string"],"privileges":["string"],"allow_restricted_indices":true}],"global":[{}],"applications":[{"application":"string","privileges":["string"],"resources":["string"]}],"metadata":{"additionalProperty1":{},"additionalProperty2":{}},"run_as":["string"],"description":"string","transient_metadata":{"additionalProperty1":{},"additionalProperty2":{}}}},"metadata":{"additionalProperty1":{},"additionalProperty2":{}}},"grant_type":"access_token","access_token":"string","username":"string","password":"string","run_as":"string"}'
{
"api_key": {
"name": "string",
"expiration": "string",
"role_descriptors": {
"additionalProperty1": {
"cluster": [
"string"
],
"indices": [
{
"field_security": {},
"names": [
"string"
],
"privileges": [
"string"
],
"allow_restricted_indices": true
}
],
"global": [
{}
],
"applications": [
{
"application": "string",
"privileges": [
"string"
],
"resources": [
"string"
]
}
],
"metadata": {
"additionalProperty1": {},
"additionalProperty2": {}
},
"run_as": [
"string"
],
"description": "string",
"transient_metadata": {
"additionalProperty1": {},
"additionalProperty2": {}
}
},
"additionalProperty2": {
"cluster": [
"string"
],
"indices": [
{
"field_security": {},
"names": [
"string"
],
"privileges": [
"string"
],
"allow_restricted_indices": true
}
],
"global": [
{}
],
"applications": [
{
"application": "string",
"privileges": [
"string"
],
"resources": [
"string"
]
}
],
"metadata": {
"additionalProperty1": {},
"additionalProperty2": {}
},
"run_as": [
"string"
],
"description": "string",
"transient_metadata": {
"additionalProperty1": {},
"additionalProperty2": {}
}
}
},
"metadata": {
"additionalProperty1": {},
"additionalProperty2": {}
}
},
"grant_type": "access_token",
"access_token": "string",
"username": "string",
"password": "string",
"run_as": "string"
}
{
"api_key": "string",
"id": "string",
"name": "string",
"": 42.0,
"encoded": "string"
}