Find API keys with a query Added in 7.15.0
Get a paginated list of API keys and their information. You can optionally filter the results with a query.
To use this API, you must have at least the manage_own_api_key
or the read_security
cluster privileges.
If you have only the manage_own_api_key
privilege, this API returns only the API keys that you own.
If you have the read_security
, manage_api_key
, or greater privileges (including manage_security
), this API returns all API keys regardless of ownership.
Query parameters
-
with_limited_by boolean
Return the snapshot of the owner user's role descriptors associated with the API key. An API key's actual permission is the intersection of its assigned role descriptors and the owner user's role descriptors (effectively limited by it). An API key cannot retrieve any API key’s limited-by role descriptors (including itself) unless it has
manage_api_key
or higher privileges. -
with_profile_uid boolean
Determines whether to also retrieve the profile UID for the API key owner principal. If it exists, the profile UID is returned under the
profile_uid
response field for each API key. -
typed_keys boolean
Determines whether aggregation names are prefixed by their respective types in the response.
Body
-
aggregations object
Any aggregations to run over the corpus of returned API keys. Aggregations and queries work together. Aggregations are computed only on the API keys that match the query. This supports only a subset of aggregation types, namely:
terms
,range
,date_range
,missing
,cardinality
,value_count
,composite
,filter
, andfilters
. Additionally, aggregations only run over the same subset of fields that query works with. -
query object
Additional properties are allowed.
-
from number
The starting document offset. It must not be negative. By default, you cannot page through more than 10,000 hits using the
from
andsize
parameters. To page through more hits, use thesearch_after
parameter. -
size number
The number of hits to return. It must not be negative. The
size
parameter can be set to0
, in which case no API key matches are returned, only the aggregation results. By default, you cannot page through more than 10,000 hits using thefrom
andsize
parameters. To page through more hits, use thesearch_after
parameter. -
search_after array[number | string | boolean | null]
A field value.
curl \
--request GET http://api.example.com/_security/_query/api_key \
--header "Content-Type: application/json" \
--data '{"aggregations":{},"query":{"match":{},"prefix":{},"range":{},"term":{},"wildcard":{}},"from":42.0,"":"string","size":42.0,"search_after":[42.0]}'
{
"aggregations": {},
"query": {
"match": {},
"prefix": {},
"range": {},
"term": {},
"wildcard": {}
},
"from": 42.0,
"": "string",
"size": 42.0,
"search_after": [
42.0
]
}
{
"total": 42.0,
"count": 42.0,
"api_keys": [
{
"id": "string",
"name": "string",
"type": "rest",
"": 42.0,
"invalidated": true,
"username": "string",
"realm": "string",
"realm_type": "string",
"metadata": {
"additionalProperty1": {},
"additionalProperty2": {}
},
"role_descriptors": {
"additionalProperty1": {
"cluster": [
"string"
],
"indices": [
{}
],
"remote_indices": [
{}
],
"remote_cluster": [
{}
],
"global": [
{}
],
"applications": [
{}
],
"metadata": {
"additionalProperty1": {},
"additionalProperty2": {}
},
"run_as": [
"string"
],
"description": "string",
"restriction": {
"workflows": [
"string"
]
},
"transient_metadata": {
"additionalProperty1": {},
"additionalProperty2": {}
}
},
"additionalProperty2": {
"cluster": [
"string"
],
"indices": [
{}
],
"remote_indices": [
{}
],
"remote_cluster": [
{}
],
"global": [
{}
],
"applications": [
{}
],
"metadata": {
"additionalProperty1": {},
"additionalProperty2": {}
},
"run_as": [
"string"
],
"description": "string",
"restriction": {
"workflows": [
"string"
]
},
"transient_metadata": {
"additionalProperty1": {},
"additionalProperty2": {}
}
}
},
"limited_by": [
{
"additionalProperty1": {
"cluster": [
"string"
],
"indices": [
{}
],
"remote_indices": [
{}
],
"remote_cluster": [
{}
],
"applications": [
{}
],
"metadata": {},
"run_as": [
"string"
],
"description": "string",
"restriction": {},
"transient_metadata": {}
},
"additionalProperty2": {
"cluster": [
"string"
],
"indices": [
{}
],
"remote_indices": [
{}
],
"remote_cluster": [
{}
],
"applications": [
{}
],
"metadata": {},
"run_as": [
"string"
],
"description": "string",
"restriction": {},
"transient_metadata": {}
}
}
],
"access": {
"replication": [
{
"allow_restricted_indices": true
}
],
"search": [
{
"field_security": {},
"allow_restricted_indices": true
}
]
},
"profile_uid": "string",
"_sort": [
42.0
]
}
],
"aggregations": {}
}