Get a token | Elasticsearch API (v8)

Get a token Added in 5.5.0

POST /_security/oauth2/token

Create a bearer token for access without requiring basic authentication.

application/json

Body Required

grant_type string

Values are password, client_credentials, _kerberos, or refresh_token.
scope string
password string
kerberos_ticket string
refresh_token string
username string

Responses

200 application/json
Hide response attributes Show response attributes object
- access_token string Required
- expires_in number Required
- scope string
- type string Required
- refresh_token string
- kerberos_authentication_response_token string
- authentication object
  
  Additional properties are allowed.
  
  Hide authentication attributes Show authentication attributes object
  
  email string | null
  
  One of:
  string-1 string string-2 string | null
  
  full_name string | null
  
  One of:
  _types:Name string string-2 string | null
  
  metadata object Required
  
  Hide metadata attribute Show metadata attribute object
  
  * object Additional properties
  
  Additional properties are allowed.
  
  roles array[string] Required
  
  username string Required
  
  enabled boolean Required
  
  profile_uid string
  
  authentication_realm object Required
  
  Additional properties are allowed.
  
  Hide authentication_realm attributes Show authentication_realm attributes object
  
  name string Required
  
  type string Required
  
  lookup_realm object Required
  
  Additional properties are allowed.
  
  Hide lookup_realm attributes Show lookup_realm attributes object
  
  name string Required
  
  type string Required
  
  authentication_provider object
  
  Additional properties are allowed.
  
  Hide authentication_provider attributes Show authentication_provider attributes object
  
  type string Required
  
  name string Required
  
  authentication_type string Required

POST /_security/oauth2/token

curl \
 -X POST http://api.example.com/_security/oauth2/token \
 -H "Content-Type: application/json" \
 -d '{"grant_type":"password","scope":"string","password":"string","kerberos_ticket":"string","refresh_token":"string","username":"string"}'

Request examples

{
  "grant_type": "password",
  "scope": "string",
  "password": "string",
  "kerberos_ticket": "string",
  "refresh_token": "string",
  "username": "string"
}

Response examples (200)

{
  "access_token": "string",
  "expires_in": 42.0,
  "scope": "string",
  "type": "string",
  "refresh_token": "string",
  "kerberos_authentication_response_token": "string",
  "": {
    "email": "string",
    "full_name": "string",
    "metadata": {
      "additionalProperty1": {},
      "additionalProperty2": {}
    },
    "roles": [
      "string"
    ],
    "username": "string",
    "enabled": true,
    "profile_uid": "string",
    "authentication_realm": {
      "name": "string",
      "type": "string"
    },
    "lookup_realm": {
      "name": "string",
      "type": "string"
    },
    "authentication_provider": {
      "type": "string",
      "name": "string"
    },
    "authentication_type": "string"
  }
}

Get a token Added in 5.5.0

Body Required

Responses

email string | null

full_name string | null