Get API key information Added in 6.7.0
Retrieves information for one or more API keys.
NOTE: If you have only the manage_own_api_key
privilege, this API returns only the API keys that you own.
If you have read_security
, manage_api_key
or greater privileges (including manage_security
), this API returns all API keys regardless of ownership.
Query parameters
-
id string
An API key id. This parameter cannot be used with any of
name
,realm_name
orusername
. -
name string
An API key name. This parameter cannot be used with any of
id
,realm_name
orusername
. It supports prefix search with wildcard. -
owner boolean
A boolean flag that can be used to query API keys owned by the currently authenticated user. The
realm_name
orusername
parameters cannot be specified when this parameter is set totrue
as they are assumed to be the currently authenticated ones. -
realm_name string
The name of an authentication realm. This parameter cannot be used with either
id
orname
or whenowner
flag is set totrue
. -
username string
The username of a user. This parameter cannot be used with either
id
orname
or whenowner
flag is set totrue
. -
with_limited_by boolean
Return the snapshot of the owner user's role descriptors associated with the API key. An API key's actual permission is the intersection of its assigned role descriptors and the owner user's role descriptors.
-
active_only boolean
A boolean flag that can be used to query API keys that are currently active. An API key is considered active if it is neither invalidated, nor expired at query time. You can specify this together with other parameters such as
owner
orname
. Ifactive_only
is false, the response will include both active and inactive (expired or invalidated) keys. -
with_profile_uid boolean
Determines whether to also retrieve the profile uid, for the API key owner principal, if it exists.
curl \
-X GET http://api.example.com/_security/api_key
{
"api_keys": [
{
"creation": 42.0,
"expiration": 42.0,
"id": "string",
"invalidated": true,
"name": "string",
"realm": "string",
"realm_type": "string",
"username": "string",
"profile_uid": "string",
"metadata": {
"additionalProperty1": {},
"additionalProperty2": {}
},
"role_descriptors": {
"additionalProperty1": {
"cluster": [
"string"
],
"indices": [
{}
],
"global": [
{}
],
"applications": [
{}
],
"metadata": {
"additionalProperty1": {},
"additionalProperty2": {}
},
"run_as": [
"string"
],
"description": "string",
"transient_metadata": {
"additionalProperty1": {},
"additionalProperty2": {}
}
},
"additionalProperty2": {
"cluster": [
"string"
],
"indices": [
{}
],
"global": [
{}
],
"applications": [
{}
],
"metadata": {
"additionalProperty1": {},
"additionalProperty2": {}
},
"run_as": [
"string"
],
"description": "string",
"transient_metadata": {
"additionalProperty1": {},
"additionalProperty2": {}
}
}
},
"limited_by": [
{
"additionalProperty1": {
"cluster": [
"string"
],
"indices": [
{}
],
"applications": [
{}
],
"metadata": {},
"run_as": [
"string"
],
"description": "string",
"transient_metadata": {}
},
"additionalProperty2": {
"cluster": [
"string"
],
"indices": [
{}
],
"applications": [
{}
],
"metadata": {},
"run_as": [
"string"
],
"description": "string",
"transient_metadata": {}
}
}
],
"_sort": [
42.0
]
}
]
}