Create an API key Added in 6.7.0
Create an API key for access without requiring basic authentication. A successful request returns a JSON structure that contains the API key, its unique id, and its name. If applicable, it also returns expiration information for the API key in milliseconds. NOTE: By default, API keys never expire. You can specify expiration information when you create the API keys.
Query parameters
-
refresh string
If
true
(the default) then refresh the affected shards to make this operation visible to search, ifwait_for
then wait for a refresh to make this operation visible to search, iffalse
then do nothing with refreshes.Values are
true
,false
, orwait_for
.
Body Required
-
expiration string
A duration. Units can be
nanos
,micros
,ms
(milliseconds),s
(seconds),m
(minutes),h
(hours) andd
(days). Also accepts "0" without a unit and "-1" to indicate an unspecified value. -
name string
-
role_descriptors object
An array of role descriptors for this API key. This parameter is optional. When it is not specified or is an empty array, then the API key will have a point in time snapshot of permissions of the authenticated user. If you supply role descriptors then the resultant permissions would be an intersection of API keys permissions and authenticated user’s permissions thereby limiting the access scope for API keys. The structure of role descriptor is the same as the request for create role API. For more details, see create or update roles API.
-
metadata object
curl \
-X POST http://api.example.com/_security/api_key \
-H "Content-Type: application/json" \
-d '{"expiration":"string","name":"string","role_descriptors":{"additionalProperty1":{"cluster":["string"],"indices":[{"field_security":{"except":"string","grant":"string"},"names":"string","privileges":["string"],"":"string","allow_restricted_indices":true}],"global":[{"application":{"manage":{}}}],"applications":[{"application":"string","privileges":["string"],"resources":["string"]}],"metadata":{"additionalProperty1":{},"additionalProperty2":{}},"run_as":["string"],"description":"string","transient_metadata":{"additionalProperty1":{},"additionalProperty2":{}}},"additionalProperty2":{"cluster":["string"],"indices":[{"field_security":{"except":"string","grant":"string"},"names":"string","privileges":["string"],"":"string","allow_restricted_indices":true}],"global":[{"application":{"manage":{}}}],"applications":[{"application":"string","privileges":["string"],"resources":["string"]}],"metadata":{"additionalProperty1":{},"additionalProperty2":{}},"run_as":["string"],"description":"string","transient_metadata":{"additionalProperty1":{},"additionalProperty2":{}}}},"metadata":{"additionalProperty1":{},"additionalProperty2":{}}}'
{
"expiration": "string",
"name": "string",
"role_descriptors": {
"additionalProperty1": {
"cluster": [
"string"
],
"indices": [
{
"field_security": {
"except": "string",
"grant": "string"
},
"names": "string",
"privileges": [
"string"
],
"": "string",
"allow_restricted_indices": true
}
],
"global": [
{
"application": {
"manage": {}
}
}
],
"applications": [
{
"application": "string",
"privileges": [
"string"
],
"resources": [
"string"
]
}
],
"metadata": {
"additionalProperty1": {},
"additionalProperty2": {}
},
"run_as": [
"string"
],
"description": "string",
"transient_metadata": {
"additionalProperty1": {},
"additionalProperty2": {}
}
},
"additionalProperty2": {
"cluster": [
"string"
],
"indices": [
{
"field_security": {
"except": "string",
"grant": "string"
},
"names": "string",
"privileges": [
"string"
],
"": "string",
"allow_restricted_indices": true
}
],
"global": [
{
"application": {
"manage": {}
}
}
],
"applications": [
{
"application": "string",
"privileges": [
"string"
],
"resources": [
"string"
]
}
],
"metadata": {
"additionalProperty1": {},
"additionalProperty2": {}
},
"run_as": [
"string"
],
"description": "string",
"transient_metadata": {
"additionalProperty1": {},
"additionalProperty2": {}
}
}
},
"metadata": {
"additionalProperty1": {},
"additionalProperty2": {}
}
}
{
"api_key": "string",
"expiration": 42.0,
"id": "string",
"name": "string",
"encoded": "string"
}