Create a service account token

POST /_security/service/{namespace}/{service}/credential/token

Api key auth Basic auth Bearer auth

Create a service accounts token for access without requiring basic authentication.

NOTE: Service account tokens never expire. You must actively delete them if they are no longer needed.

External documentation

Path parameters

namespace string Required

The name of the namespace, which is a top-level grouping of service accounts.
service string Required

The name of the service.

Query parameters

refresh string

If true then refresh the affected shards to make this operation visible to search, if wait_for (the default) then wait for a refresh to make this operation visible to search, if false then do nothing with refreshes.

Values are true, false, or wait_for.

Responses

200 application/json
Hide response attributes Show response attributes object
- created boolean Required
- token object Required
  
  Hide token attributes Show token attributes object
  
  name string Required
  
  value string Required

POST /_security/service/{namespace}/{service}/credential/token

curl \
 --request POST 'http://api.example.com/_security/service/{namespace}/{service}/credential/token' \
 --header "Authorization: $API_KEY"

Response examples (200)

A successful response from `POST /_security/service/elastic/fleet-server/credential/token/token1`. The response includes the service account token, its name, and its secret value as a bearer token.

{
  "created": true,
  "token": {
    "name": "token1",
    "value": "AAEAAWVsYXN0aWM...vZmxlZXQtc2VydmVyL3Rva2VuMTo3TFdaSDZ" 
  }
}