Elastic Cloud Enterprise API
1

Base URL
https://{{hostname}}/api/v1

This RESTful API enables you to create and manage both your Elastic Stack deployments and the ECE platform.

NOTE: This documentation applies to the Elastic Cloud Enterprise API only. If you are using Elasticsearch Service, use the Elastic Cloud API.

This API supports both key-based and token-based authentication. Key-based is generally the preferred method. For details about creating an API key or bearer token, refer to Authentication.

Documentation source and versions

This documentation is derived from https://api.elastic-cloud.com/api/v1/api-docs/swagger.json. It is provided under license Attribution-NonCommercial-NoDerivatives 4.0 International.

This is version 1 of this API documentation. Last update on Oct 29, 2024.

Authentication

The API accepts 2 different authentication methods:

Basic auth (http)

Basic auth tokens are constructed with the Basic keyword, followed by a space, followed by a base64-encoded string of your username:password (separated by a : colon).

Example: send a Authorization: Basic aGVsbG86aGVsbG8= HTTP header with your requests to authenticate with the API.

Api key (http_api_key)

Send an authentication token in the Authorization header to authenticate with the API.

Accounts

Retrieve and update the current Elasticsearch Service account.

Fetch current account information

GET /account

Fetch current account information.

Responses

  • Account fetched successfully

    Hide response attributes Show response attributes object
    • id string Required

      The account's identifier

    • trust object

      Settings related to the level of trust of the clusters in this account

      Additional properties are allowed.

      Hide trust attribute Show trust attribute object
      • trust_all boolean Required

        If true, all clusters in this account will by default trust all other clusters in the same account

  • Account not found. (code: accounts.not_found)

    Hide headers attribute Show headers attribute
    Hide response attribute Show response attribute object
    • errors array[object] Required

      A list of errors that occurred in the failing request

      Hide errors attributes Show errors attributes object
      • code string Required

        A structured code representing the error type that occurred

      • message string Required

        A human readable message describing the error that occurred

      • fields array[string]

        If the error can be tied to a specific field or fields in the user request, this lists those fields

GET /account
curl \
 -X GET https://{{hostname}}/api/v1/account
Response examples (200)
{
  "id": "string",
  "trust": {
    "trust_all": true
  }
}
Response examples (404)
# Headers
x-cloud-error-codes: accounts.not_found

# Payload
{
  "errors": [
    {
      "code": "string",
      "message": "string",
      "fields": [
        "string"
      ]
    }
  ]
}

Updates the current account

PUT /account

Updates the current account.

Body Required

the current account

  • trust object

    Settings related to the level of trust of the clusters in this account

    Additional properties are allowed.

    Hide trust attribute Show trust attribute object
    • trust_all boolean Required

      If true, all clusters in this account will by default trust all other clusters in the same account

Responses

  • Account updated successfully

    Hide response attributes Show response attributes object
    • id string Required

      The account's identifier

    • trust object

      Settings related to the level of trust of the clusters in this account

      Additional properties are allowed.

      Hide trust attribute Show trust attribute object
      • trust_all boolean Required

        If true, all clusters in this account will by default trust all other clusters in the same account

  • Account not found. (code: accounts.not_found)

    Hide headers attribute Show headers attribute
    Hide response attribute Show response attribute object
    • errors array[object] Required

      A list of errors that occurred in the failing request

      Hide errors attributes Show errors attributes object
      • code string Required

        A structured code representing the error type that occurred

      • message string Required

        A human readable message describing the error that occurred

      • fields array[string]

        If the error can be tied to a specific field or fields in the user request, this lists those fields

PUT /account
curl \
 -X PUT https://{{hostname}}/api/v1/account \
 -d '{"trust":{"trust_all":true}}'
Request examples
{
  "trust": {
    "trust_all": true
  }
}
Response examples (200)
{
  "id": "string",
  "trust": {
    "trust_all": true
  }
}
Response examples (404)
# Headers
x-cloud-error-codes: accounts.not_found

# Payload
{
  "errors": [
    {
      "code": "string",
      "message": "string",
      "fields": [
        "string"
      ]
    }
  ]
}

Updates the current account

PATCH /account

Updates the current account.

Body Required

All changes in the specified object are applied to the current account according to the JSON Merge Patch processing rules. Omitting existing fields causes the same values to be reapplied. Specifying a null value reverts the field to the default value, or removes the field when no default value exists.

string string

Responses

  • Account updated successfully

    Hide response attributes Show response attributes object
    • id string Required

      The account's identifier

    • trust object

      Settings related to the level of trust of the clusters in this account

      Additional properties are allowed.

      Hide trust attribute Show trust attribute object
      • trust_all boolean Required

        If true, all clusters in this account will by default trust all other clusters in the same account

  • Account not found. (code: accounts.not_found)

    Hide headers attribute Show headers attribute
    Hide response attribute Show response attribute object
    • errors array[object] Required

      A list of errors that occurred in the failing request

      Hide errors attributes Show errors attributes object
      • code string Required

        A structured code representing the error type that occurred

      • message string Required

        A human readable message describing the error that occurred

      • fields array[string]

        If the error can be tied to a specific field or fields in the user request, this lists those fields

PATCH /account
curl \
 -X PATCH https://{{hostname}}/api/v1/account \
 -d '"string"'
Request examples
string
Response examples (200)
{
  "id": "string",
  "trust": {
    "trust_all": true
  }
}
Response examples (404)
# Headers
x-cloud-error-codes: accounts.not_found

# Payload
{
  "errors": [
    {
      "code": "string",
      "message": "string",
      "fields": [
        "string"
      ]
    }
  ]
}

Authentication

Manage your Elasticsearch Service API keys.

User authentication information

GET /users/auth

Provides authentication information about a user, including elevated permission status and TOTP device availability.

Responses

  • User authentication information response

    Hide response attributes Show response attributes object
GET /users/auth
curl \
 -X GET https://{{hostname}}/api/v1/users/auth
Response examples (200)
{
  "has_totp_device": true,
  "totp_device_source": "string",
  "has_elevated_permissions": true,
  "elevated_permissions_expire_at": "2025-05-04T09:42:00+00:00",
  "totp_device_source_enable_mfa_href": "string",
  "refresh_token_url": "string",
  "expires_at": "2025-05-04T09:42:00+00:00"
}

Login to ECE

POST /users/auth/_login

Authenticates against available users.

Body Required

The login request

  • username string Required

    The username part of the login request

  • password string Required

    The plain text password part of the login request

  • Configure how the API responds after a successful login.

    Additional properties are allowed.

    Hide login_state attribute Show login_state attribute object
    • path string

      The path to which to redirect post login - if not specified then no redirect is performed, instead 200 is returned with the token in the body

Responses

  • Login successful, returns the token in the body (if 'login_state.path' not specified)

    Hide response attributes Show response attributes object
    • token string Required

      The authorization bearer token that you use in subsequent requests

    • session_expiration_time string(date-time) Required

      The time that the session token will expire

  • Redirects to '/sso/token#BEARER_TOKEN?state=LOGIN_STATE' with the fragment containing a bearer token (if 'login_state.path' is specified)

    Additional properties are allowed.

  • The supplied authentication is invalid. (code: root.unauthenticated)

    Hide headers attribute Show headers attribute
    Hide response attribute Show response attribute object
    • errors array[object] Required

      A list of errors that occurred in the failing request

      Hide errors attributes Show errors attributes object
      • code string Required

        A structured code representing the error type that occurred

      • message string Required

        A human readable message describing the error that occurred

      • fields array[string]

        If the error can be tied to a specific field or fields in the user request, this lists those fields

  • The administrator needs to configure the authentication cluster. (code: authc.no_authentication_cluster)

    Hide headers attribute Show headers attribute
    • The error codes associated with the response

      Value is authc.no_authentication_cluster.

    Hide response attribute Show response attribute object
    • errors array[object] Required

      A list of errors that occurred in the failing request

      Hide errors attributes Show errors attributes object
      • code string Required

        A structured code representing the error type that occurred

      • message string Required

        A human readable message describing the error that occurred

      • fields array[string]

        If the error can be tied to a specific field or fields in the user request, this lists those fields

  • The authentication cluster failed to process the request. The response body contains details about the error. (code: authc.authentication_cluster_error)

    Hide headers attribute Show headers attribute
    • The error codes associated with the response

      Value is authc.authentication_cluster_error.

    Hide response attribute Show response attribute object
    • errors array[object] Required

      A list of errors that occurred in the failing request

      Hide errors attributes Show errors attributes object
      • code string Required

        A structured code representing the error type that occurred

      • message string Required

        A human readable message describing the error that occurred

      • fields array[string]

        If the error can be tied to a specific field or fields in the user request, this lists those fields

POST /users/auth/_login
curl \
 -X POST https://{{hostname}}/api/v1/users/auth/_login \
 -d '{"username":"string","password":"string","login_state":{"path":"string"}}'
Request examples
{
  "username": "string",
  "password": "string",
  "login_state": {
    "path": "string"
  }
}
Response examples (200)
{
  "token": "string",
  "session_expiration_time": "2025-05-04T09:42:00+00:00"
}
Response examples (302)
{}
Response examples (401)
# Headers
x-cloud-error-codes: root.unauthenticated

# Payload
{
  "errors": [
    {
      "code": "string",
      "message": "string",
      "fields": [
        "string"
      ]
    }
  ]
}
Response examples (501)
# Headers
x-cloud-error-codes: authc.no_authentication_cluster

# Payload
{
  "errors": [
    {
      "code": "string",
      "message": "string",
      "fields": [
        "string"
      ]
    }
  ]
}
Response examples (502)
# Headers
x-cloud-error-codes: authc.authentication_cluster_error

# Payload
{
  "errors": [
    {
      "code": "string",
      "message": "string",
      "fields": [
        "string"
      ]
    }
  ]
}

Logout from ECE

POST /users/auth/_logout

Destroys the current session.

Responses

  • The current session was successfully destroyed.

    Additional properties are allowed.

  • The administrator needs to configure the authentication cluster. (code: authc.no_authentication_cluster)

    Hide headers attribute Show headers attribute
    • The error codes associated with the response

      Value is authc.no_authentication_cluster.

    Hide response attribute Show response attribute object
    • errors array[object] Required

      A list of errors that occurred in the failing request

      Hide errors attributes Show errors attributes object
      • code string Required

        A structured code representing the error type that occurred

      • message string Required

        A human readable message describing the error that occurred

      • fields array[string]

        If the error can be tied to a specific field or fields in the user request, this lists those fields

  • The authentication cluster failed to process the request. The response body contains details about the error. (code: authc.authentication_cluster_error)

    Hide headers attribute Show headers attribute
    • The error codes associated with the response

      Value is authc.authentication_cluster_error.

    Hide response attribute Show response attribute object
    • errors array[object] Required

      A list of errors that occurred in the failing request

      Hide errors attributes Show errors attributes object
      • code string Required

        A structured code representing the error type that occurred

      • message string Required

        A human readable message describing the error that occurred

      • fields array[string]

        If the error can be tied to a specific field or fields in the user request, this lists those fields

POST /users/auth/_logout
curl \
 -X POST https://{{hostname}}/api/v1/users/auth/_logout
Response examples (200)
{}
Response examples (501)
# Headers
x-cloud-error-codes: authc.no_authentication_cluster

# Payload
{
  "errors": [
    {
      "code": "string",
      "message": "string",
      "fields": [
        "string"
      ]
    }
  ]
}
Response examples (502)
# Headers
x-cloud-error-codes: authc.authentication_cluster_error

# Payload
{
  "errors": [
    {
      "code": "string",
      "message": "string",
      "fields": [
        "string"
      ]
    }
  ]
}

Refresh authentication token

POST /users/auth/_refresh

Issues a new authentication token.

Responses

  • The token refreshed successfully and was returned in the body of the response.

    Hide response attributes Show response attributes object
    • token string Required

      The authorization bearer token that you use in subsequent requests

    • session_expiration_time string(date-time) Required

      The time that the session token will expire

  • The authentication token is invalid or expired. (code: root.unauthorized)

    Hide headers attribute Show headers attribute
    Hide response attribute Show response attribute object
    • errors array[object] Required

      A list of errors that occurred in the failing request

      Hide errors attributes Show errors attributes object
      • code string Required

        A structured code representing the error type that occurred

      • message string Required

        A human readable message describing the error that occurred

      • fields array[string]

        If the error can be tied to a specific field or fields in the user request, this lists those fields

  • The administrator needs to configure the authentication cluster. (code: authc.no_authentication_cluster)

    Hide headers attribute Show headers attribute
    • The error codes associated with the response

      Value is authc.no_authentication_cluster.

    Hide response attribute Show response attribute object
    • errors array[object] Required

      A list of errors that occurred in the failing request

      Hide errors attributes Show errors attributes object
      • code string Required

        A structured code representing the error type that occurred

      • message string Required

        A human readable message describing the error that occurred

      • fields array[string]

        If the error can be tied to a specific field or fields in the user request, this lists those fields

  • The authentication cluster failed to process the request. The response body contains details about the error. (code: authc.authentication_cluster_error)

    Hide headers attribute Show headers attribute
    • The error codes associated with the response

      Value is authc.authentication_cluster_error.

    Hide response attribute Show response attribute object
    • errors array[object] Required

      A list of errors that occurred in the failing request

      Hide errors attributes Show errors attributes object
      • code string Required

        A structured code representing the error type that occurred

      • message string Required

        A human readable message describing the error that occurred

      • fields array[string]

        If the error can be tied to a specific field or fields in the user request, this lists those fields

POST /users/auth/_refresh
curl \
 -X POST https://{{hostname}}/api/v1/users/auth/_refresh
Response examples (200)
{
  "token": "string",
  "session_expiration_time": "2025-05-04T09:42:00+00:00"
}
Response examples (401)
# Headers
x-cloud-error-codes: root.unauthorized

# Payload
{
  "errors": [
    {
      "code": "string",
      "message": "string",
      "fields": [
        "string"
      ]
    }
  ]
}
Response examples (501)
# Headers
x-cloud-error-codes: authc.no_authentication_cluster

# Payload
{
  "errors": [
    {
      "code": "string",
      "message": "string",
      "fields": [
        "string"
      ]
    }
  ]
}
Response examples (502)
# Headers
x-cloud-error-codes: authc.authentication_cluster_error

# Payload
{
  "errors": [
    {
      "code": "string",
      "message": "string",
      "fields": [
        "string"
      ]
    }
  ]
}

Get all API keys

GET /users/auth/keys

Retrieves the metadata for all of the API keys that the user generated.

Responses

  • The metadata for the API keys is retrieved.

    Hide response attribute Show response attribute object
    • keys array[object] Required

      The list of API keys.

      Hide keys attributes Show keys attributes object
      • id string Required

        The API key ID.

      • user_id string

        The user ID.

      • The organization ID linked to the API key

      • description string Required

        The API key description. TIP: Useful when you have multiple API keys.

      • key string

        The API key. TIP: Since the API key is returned only once, save it in a safe place.

      • creation_date string(date-time) Required

        The date/time for when the API key is created.

      • expiration_date string(date-time)

        The date/time when the API key expires.

GET /users/auth/keys
curl \
 -X GET https://{{hostname}}/api/v1/users/auth/keys
Response examples (200)
{
  "keys": [
    {
      "id": "string",
      "user_id": "string",
      "organization_id": "string",
      "description": "string",
      "key": "string",
      "creation_date": "2025-05-04T09:42:00+00:00",
      "expiration_date": "2025-05-04T09:42:00+00:00"
    }
  ]
}

Create API key

POST /users/auth/keys

Creates a new API key.

Body Required

The request to create the API key

  • description string Required

    API key description. Useful if there are multiple keys

  • The optional expiration for the API key, provided as a duration (ex: '1d', '3h')

Responses

  • The API key is created and returned in the body of the response.

    Hide response attributes Show response attributes object
    • id string Required

      The API key ID.

    • user_id string

      The user ID.

    • The organization ID linked to the API key

    • description string Required

      The API key description. TIP: Useful when you have multiple API keys.

    • key string

      The API key. TIP: Since the API key is returned only once, save it in a safe place.

    • creation_date string(date-time) Required

      The date/time for when the API key is created.

    • expiration_date string(date-time)

      The date/time when the API key expires.

  • The request is invalid. Specify a different request, then try again. (code: api_keys.invalid_input)

    Hide headers attribute Show headers attribute
    • The error codes associated with the response

      Value is api_keys.invalid_input.

    Hide response attribute Show response attribute object
    • errors array[object] Required

      A list of errors that occurred in the failing request

      Hide errors attributes Show errors attributes object
      • code string Required

        A structured code representing the error type that occurred

      • message string Required

        A human readable message describing the error that occurred

      • fields array[string]

        If the error can be tied to a specific field or fields in the user request, this lists those fields

POST /users/auth/keys
curl \
 -X POST https://{{hostname}}/api/v1/users/auth/keys \
 -d '{"description":"string","expiration":"string"}'
Request examples
{
  "description": "string",
  "expiration": "string"
}
Response examples (201)
{
  "id": "string",
  "user_id": "string",
  "organization_id": "string",
  "description": "string",
  "key": "string",
  "creation_date": "2025-05-04T09:42:00+00:00",
  "expiration_date": "2025-05-04T09:42:00+00:00"
}
Response examples (400)
# Headers
x-cloud-error-codes: api_keys.invalid_input

# Payload
{
  "errors": [
    {
      "code": "string",
      "message": "string",
      "fields": [
        "string"
      ]
    }
  ]
}

Delete API keys

DELETE /users/auth/keys

Delete or invalidate API keys.

Body Required

The request to delete API keys

  • keys array[string] Required

    The list of API key IDs.

Responses

  • The API keys are deleted.

    Additional properties are allowed.

DELETE /users/auth/keys
curl \
 -X DELETE https://{{hostname}}/api/v1/users/auth/keys \
 -d '{"keys":["string"]}'
Request examples
{
  "keys": [
    "string"
  ]
}
Response examples (200)
{}

Get all API keys for all users

GET /users/auth/keys/_all

Retrieves the metadata for all of the API keys for all users.

Responses

  • The metadata for the API keys is retrieved.

    Hide response attribute Show response attribute object
    • keys array[object] Required

      The list of API keys.

      Hide keys attributes Show keys attributes object
      • id string Required

        The API key ID.

      • user_id string

        The user ID.

      • The organization ID linked to the API key

      • description string Required

        The API key description. TIP: Useful when you have multiple API keys.

      • key string

        The API key. TIP: Since the API key is returned only once, save it in a safe place.

      • creation_date string(date-time) Required

        The date/time for when the API key is created.

      • expiration_date string(date-time)

        The date/time when the API key expires.

GET /users/auth/keys/_all
curl \
 -X GET https://{{hostname}}/api/v1/users/auth/keys/_all
Response examples (200)
{
  "keys": [
    {
      "id": "string",
      "user_id": "string",
      "organization_id": "string",
      "description": "string",
      "key": "string",
      "creation_date": "2025-05-04T09:42:00+00:00",
      "expiration_date": "2025-05-04T09:42:00+00:00"
    }
  ]
}

Delete API keys of multiple users

DELETE /users/auth/keys/_all

Delete or invalidate the API keys for multiple users.

Body Required

The request to delete API keys.

  • user_api_keys array[object] Required

    The list of API key IDs.

    Hide user_api_keys attributes Show user_api_keys attributes object

Responses

  • The API keys are deleted.

    Additional properties are allowed.

DELETE /users/auth/keys/_all
curl \
 -X DELETE https://{{hostname}}/api/v1/users/auth/keys/_all \
 -d '{"user_api_keys":[{"user_id":"string","api_key_id":"string"}]}'
Request examples
{
  "user_api_keys": [
    {
      "user_id": "string",
      "api_key_id": "string"
    }
  ]
}
Response examples (200)
{}

Get API key

GET /users/auth/keys/{api_key_id}

Retrieves the metadata for an API key.

Path parameters

Responses

  • The API key metadata is retrieved.

    Hide response attributes Show response attributes object
    • id string Required

      The API key ID.

    • user_id string

      The user ID.

    • The organization ID linked to the API key

    • description string Required

      The API key description. TIP: Useful when you have multiple API keys.

    • key string

      The API key. TIP: Since the API key is returned only once, save it in a safe place.

    • creation_date string(date-time) Required

      The date/time for when the API key is created.

    • expiration_date string(date-time)

      The date/time when the API key expires.

  • The {api_key_id} can't be found. (code: api_keys.key_not_found)

    Hide headers attribute Show headers attribute
    • The error codes associated with the response

      Value is api_keys.key_not_found.

    Hide response attribute Show response attribute object
    • errors array[object] Required

      A list of errors that occurred in the failing request

      Hide errors attributes Show errors attributes object
      • code string Required

        A structured code representing the error type that occurred

      • message string Required

        A human readable message describing the error that occurred

      • fields array[string]

        If the error can be tied to a specific field or fields in the user request, this lists those fields

GET /users/auth/keys/{api_key_id}
curl \
 -X GET https://{{hostname}}/api/v1/users/auth/keys/{api_key_id}
Response examples (200)
{
  "id": "string",
  "user_id": "string",
  "organization_id": "string",
  "description": "string",
  "key": "string",
  "creation_date": "2025-05-04T09:42:00+00:00",
  "expiration_date": "2025-05-04T09:42:00+00:00"
}
Response examples (404)
# Headers
x-cloud-error-codes: api_keys.key_not_found

# Payload
{
  "errors": [
    {
      "code": "string",
      "message": "string",
      "fields": [
        "string"
      ]
    }
  ]
}

Delete API key

DELETE /users/auth/keys/{api_key_id}

Delete or invalidate the API key.

Path parameters

Responses

  • The API key is deleted.

    Additional properties are allowed.

  • The {api_key_id} can't be found. (code: api_keys.key_not_found)

    Hide headers attribute Show headers attribute
    • The error codes associated with the response

      Value is api_keys.key_not_found.

    Hide response attribute Show response attribute object
    • errors array[object] Required

      A list of errors that occurred in the failing request

      Hide errors attributes Show errors attributes object
      • code string Required

        A structured code representing the error type that occurred

      • message string Required

        A human readable message describing the error that occurred

      • fields array[string]

        If the error can be tied to a specific field or fields in the user request, this lists those fields

DELETE /users/auth/keys/{api_key_id}
curl \
 -X DELETE https://{{hostname}}/api/v1/users/auth/keys/{api_key_id}
Response examples (200)
{}
Response examples (404)
# Headers
x-cloud-error-codes: api_keys.key_not_found

# Payload
{
  "errors": [
    {
      "code": "string",
      "message": "string",
      "fields": [
        "string"
      ]
    }
  ]
}

Available authentication methods

GET /users/auth/methods

Provides information about available authentication methods.

Responses

  • Available authentication methods response

    Hide response attributes Show response attributes object
    • password boolean Required

      Indicates that username and password authentication is available.

    • saml boolean Required

      Indicates that SAML single sign-on authentication is available.

    • openid boolean Required

      WARNING This endpoint is deprecated and scheduled to be removed in the next major version. This field is no longer used and will always be false.

    • sso_methods array[object] Required

      Lists details for the available single sign-on methods.

      Hide sso_methods attributes Show sso_methods attributes object
      • sso_type string Required

        Indicates the protocol of the single sign-on method.

        Value is saml.

      • name string Required

        The friendly name of the single sign-on method.

      • url string Required

        The URL to initiate the single sign-on login.

GET /users/auth/methods
curl \
 -X GET https://{{hostname}}/api/v1/users/auth/methods
Response examples (200)
{
  "password": true,
  "saml": true,
  "openid": true,
  "sso_methods": [
    {
      "sso_type": "saml",
      "name": "string",
      "url": "string"
    }
  ]
}

SAML callback

POST /users/auth/saml/_callback

Accepts a callback request from an identity provider and authenticates the user.

Responses

  • Redirects to the UI endpoint with an authorization token in the fragment and the relay state, if it was specified during the initialization.

    Additional properties are allowed.

  • The supplied SAML response is invalid. (code: root.unauthenticated)

    Hide headers attribute Show headers attribute
    Hide response attribute Show response attribute object
    • errors array[object] Required

      A list of errors that occurred in the failing request

      Hide errors attributes Show errors attributes object
      • code string Required

        A structured code representing the error type that occurred

      • message string Required

        A human readable message describing the error that occurred

      • fields array[string]

        If the error can be tied to a specific field or fields in the user request, this lists those fields

  • The administrator needs to configure the authentication cluster. (code: authc.no_authentication_cluster)

    Hide headers attribute Show headers attribute
    • The error codes associated with the response

      Value is authc.no_authentication_cluster.

    Hide response attribute Show response attribute object
    • errors array[object] Required

      A list of errors that occurred in the failing request

      Hide errors attributes Show errors attributes object
      • code string Required

        A structured code representing the error type that occurred

      • message string Required

        A human readable message describing the error that occurred

      • fields array[string]

        If the error can be tied to a specific field or fields in the user request, this lists those fields

  • The authentication cluster failed to process the request. The response body contains details about the error. (code: authc.authentication_cluster_error)

    Hide headers attribute Show headers attribute
    • The error codes associated with the response

      Value is authc.authentication_cluster_error.

    Hide response attribute Show response attribute object
    • errors array[object] Required

      A list of errors that occurred in the failing request

      Hide errors attributes Show errors attributes object
      • code string Required

        A structured code representing the error type that occurred

      • message string Required

        A human readable message describing the error that occurred

      • fields array[string]

        If the error can be tied to a specific field or fields in the user request, this lists those fields

POST /users/auth/saml/_callback
curl \
 -X POST https://{{hostname}}/api/v1/users/auth/saml/_callback
Response examples (302)
{}
Response examples (401)
# Headers
x-cloud-error-codes: root.unauthenticated

# Payload
{
  "errors": [
    {
      "code": "string",
      "message": "string",
      "fields": [
        "string"
      ]
    }
  ]
}
Response examples (501)
# Headers
x-cloud-error-codes: authc.no_authentication_cluster

# Payload
{
  "errors": [
    {
      "code": "string",
      "message": "string",
      "fields": [
        "string"
      ]
    }
  ]
}
Response examples (502)
# Headers
x-cloud-error-codes: authc.authentication_cluster_error

# Payload
{
  "errors": [
    {
      "code": "string",
      "message": "string",
      "fields": [
        "string"
      ]
    }
  ]
}

Initiate SAML protocol

GET /users/auth/saml/_init

Calls the authentication cluster to initiate SAML Single Sign-on (Web Browser SSO profile) protocol and redirects the user to the identity provider for authentication. The authentication cluster must be configured prior to initiation.

Query parameters

  • state string

    An optional relay state that is sent back to the client after the user is authenticated

Responses

  • Redirects the client to the identity provider with a SAML authentication request

    Additional properties are allowed.

  • The administrator needs to configure the authentication cluster. (code: authc.no_authentication_cluster)

    Hide headers attribute Show headers attribute
    • The error codes associated with the response

      Value is authc.no_authentication_cluster.

    Hide response attribute Show response attribute object
    • errors array[object] Required

      A list of errors that occurred in the failing request

      Hide errors attributes Show errors attributes object
      • code string Required

        A structured code representing the error type that occurred

      • message string Required

        A human readable message describing the error that occurred

      • fields array[string]

        If the error can be tied to a specific field or fields in the user request, this lists those fields

  • The authentication cluster failed to process the request. The response body contains details about the error. (code: authc.authentication_cluster_error)

    Hide headers attribute Show headers attribute
    • The error codes associated with the response

      Value is authc.authentication_cluster_error.

    Hide response attribute Show response attribute object
    • errors array[object] Required

      A list of errors that occurred in the failing request

      Hide errors attributes Show errors attributes object
      • code string Required

        A structured code representing the error type that occurred

      • message string Required

        A human readable message describing the error that occurred

      • fields array[string]

        If the error can be tied to a specific field or fields in the user request, this lists those fields

GET /users/auth/saml/_init
curl \
 -X GET https://{{hostname}}/api/v1/users/auth/saml/_init
Response examples (302)
{}
Response examples (501)
# Headers
x-cloud-error-codes: authc.no_authentication_cluster

# Payload
{
  "errors": [
    {
      "code": "string",
      "message": "string",
      "fields": [
        "string"
      ]
    }
  ]
}
Response examples (502)
# Headers
x-cloud-error-codes: authc.authentication_cluster_error

# Payload
{
  "errors": [
    {
      "code": "string",
      "message": "string",
      "fields": [
        "string"
      ]
    }
  ]
}

Get API key metadata for all keys created by the user

GET /users/{user_id}/auth/keys

Retrieves metadata for all API keys created by the given user.

Path parameters

Responses

  • The API key metadata is retrieved.

    Hide response attribute Show response attribute object
    • keys array[object] Required

      The list of API keys.

      Hide keys attributes Show keys attributes object
      • id string Required

        The API key ID.

      • user_id string

        The user ID.

      • The organization ID linked to the API key

      • description string Required

        The API key description. TIP: Useful when you have multiple API keys.

      • key string

        The API key. TIP: Since the API key is returned only once, save it in a safe place.

      • creation_date string(date-time) Required

        The date/time for when the API key is created.

      • expiration_date string(date-time)

        The date/time when the API key expires.

  • The {user_id} can't be found. (code: api_keys.user_not_found)

    Hide headers attribute Show headers attribute
    • The error codes associated with the response

      Value is api_keys.user_not_found.

    Hide response attribute Show response attribute object
    • errors array[object] Required

      A list of errors that occurred in the failing request

      Hide errors attributes Show errors attributes object
      • code string Required

        A structured code representing the error type that occurred

      • message string Required

        A human readable message describing the error that occurred

      • fields array[string]

        If the error can be tied to a specific field or fields in the user request, this lists those fields

GET /users/{user_id}/auth/keys
curl \
 -X GET https://{{hostname}}/api/v1/users/{user_id}/auth/keys
Response examples (200)
{
  "keys": [
    {
      "id": "string",
      "user_id": "string",
      "organization_id": "string",
      "description": "string",
      "key": "string",
      "creation_date": "2025-05-04T09:42:00+00:00",
      "expiration_date": "2025-05-04T09:42:00+00:00"
    }
  ]
}
Response examples (404)
# Headers
x-cloud-error-codes: api_keys.user_not_found

# Payload
{
  "errors": [
    {
      "code": "string",
      "message": "string",
      "fields": [
        "string"
      ]
    }
  ]
}

Delete API keys for a user

DELETE /users/{user_id}/auth/keys

Delete or invalidate all of the API keys for a user.

Path parameters

Responses

  • The API key is deleted.

    Additional properties are allowed.

  • The {user_id} can't be found. (code: api_keys.user_not_found)

    Hide headers attribute Show headers attribute
    • The error codes associated with the response

      Value is api_keys.user_not_found.

    Hide response attribute Show response attribute object
    • errors array[object] Required

      A list of errors that occurred in the failing request

      Hide errors attributes Show errors attributes object
      • code string Required

        A structured code representing the error type that occurred

      • message string Required

        A human readable message describing the error that occurred

      • fields array[string]

        If the error can be tied to a specific field or fields in the user request, this lists those fields

DELETE /users/{user_id}/auth/keys
curl \
 -X DELETE https://{{hostname}}/api/v1/users/{user_id}/auth/keys
Response examples (200)
{}
Response examples (404)
# Headers
x-cloud-error-codes: api_keys.user_not_found

# Payload
{
  "errors": [
    {
      "code": "string",
      "message": "string",
      "fields": [
        "string"
      ]
    }
  ]
}

Get a user API key

GET /users/{user_id}/auth/keys/{api_key_id}

Retrieves the API key metadata for a user.

Path parameters

Responses

  • The API key metadata is retrieved.

    Hide response attributes Show response attributes object
    • id string Required

      The API key ID.

    • user_id string

      The user ID.

    • The organization ID linked to the API key

    • description string Required

      The API key description. TIP: Useful when you have multiple API keys.

    • key string

      The API key. TIP: Since the API key is returned only once, save it in a safe place.

    • creation_date string(date-time) Required

      The date/time for when the API key is created.

    • expiration_date string(date-time)

      The date/time when the API key expires.

  • The {api_key_id} can't be found. (code: api_keys.key_not_found)

    Hide headers attribute Show headers attribute
    • The error codes associated with the response

      Value is api_keys.key_not_found.

    Hide response attribute Show response attribute object
    • errors array[object] Required

      A list of errors that occurred in the failing request

      Hide errors attributes Show errors attributes object
      • code string Required

        A structured code representing the error type that occurred

      • message string Required

        A human readable message describing the error that occurred

      • fields array[string]

        If the error can be tied to a specific field or fields in the user request, this lists those fields

GET /users/{user_id}/auth/keys/{api_key_id}
curl \
 -X GET https://{{hostname}}/api/v1/users/{user_id}/auth/keys/{api_key_id}
Response examples (200)
{
  "id": "string",
  "user_id": "string",
  "organization_id": "string",
  "description": "string",
  "key": "string",
  "creation_date": "2025-05-04T09:42:00+00:00",
  "expiration_date": "2025-05-04T09:42:00+00:00"
}
Response examples (404)
# Headers
x-cloud-error-codes: api_keys.key_not_found

# Payload
{
  "errors": [
    {
      "code": "string",
      "message": "string",
      "fields": [
        "string"
      ]
    }
  ]
}

Delete an API key for a user

DELETE /users/{user_id}/auth/keys/{api_key_id}

Delete or invalidate an API key for a user.

Path parameters

Responses

  • The API key is deleted.

    Additional properties are allowed.

  • The {api_key_id} can't be found. (code: api_keys.key_not_found)

    Hide headers attribute Show headers attribute
    • The error codes associated with the response

      Value is api_keys.key_not_found.

    Hide response attribute Show response attribute object
    • errors array[object] Required

      A list of errors that occurred in the failing request

      Hide errors attributes Show errors attributes object
      • code string Required

        A structured code representing the error type that occurred

      • message string Required

        A human readable message describing the error that occurred

      • fields array[string]

        If the error can be tied to a specific field or fields in the user request, this lists those fields

DELETE /users/{user_id}/auth/keys/{api_key_id}
curl \
 -X DELETE https://{{hostname}}/api/v1/users/{user_id}/auth/keys/{api_key_id}
Response examples (200)
{}
Response examples (404)
# Headers
x-cloud-error-codes: api_keys.key_not_found

# Payload
{
  "errors": [
    {
      "code": "string",
      "message": "string",
      "fields": [
        "string"
      ]
    }
  ]
}

Billing costs analysis

Get an overview of your costs by organization ID.