Elastic Cloud Enterprise API
1

Base URL
https://{{hostname}}/api/v1

This RESTful API enables you to create and manage both your Elastic Stack deployments and the ECE platform.

NOTE: This documentation applies to the Elastic Cloud Enterprise API only. If you are using Elasticsearch Service, use the Elastic Cloud API.

This API supports both key-based and token-based authentication. Key-based is generally the preferred method. For details about creating an API key or bearer token, refer to Authentication.

Documentation source and versions

This documentation is derived from https://api.elastic-cloud.com/api/v1/api-docs/swagger.json. It is provided under license Attribution-NonCommercial-NoDerivatives 4.0 International.

This is version 1 of this API documentation. Last update on Oct 29, 2024.

Authentication

The API accepts 2 different authentication methods:

Basic auth (http)

Basic auth tokens are constructed with the Basic keyword, followed by a space, followed by a base64-encoded string of your username:password (separated by a : colon).

Example: send a Authorization: Basic aGVsbG86aGVsbG8= HTTP header with your requests to authenticate with the API.

Api key (http_api_key)

Send an authentication token in the Authorization header to authenticate with the API.

Accounts

Retrieve and update the current Elasticsearch Service account.

Fetch current account information

GET /account

Fetch current account information.

Responses

  • Account fetched successfully

    Hide response attributes Show response attributes object
    • id string Required

      The account's identifier

    • trust object

      Settings related to the level of trust of the clusters in this account

      Additional properties are allowed.

      Hide trust attribute Show trust attribute object
      • trust_all boolean Required

        If true, all clusters in this account will by default trust all other clusters in the same account

  • Account not found. (code: accounts.not_found)

    Hide headers attribute Show headers attribute
    Hide response attribute Show response attribute object
    • errors array[object] Required

      A list of errors that occurred in the failing request

      Hide errors attributes Show errors attributes object
      • code string Required

        A structured code representing the error type that occurred

      • message string Required

        A human readable message describing the error that occurred

      • fields array[string]

        If the error can be tied to a specific field or fields in the user request, this lists those fields

GET /account
curl \
 -X GET https://{{hostname}}/api/v1/account
Response examples (200)
{
  "id": "string",
  "trust": {
    "trust_all": true
  }
}
Response examples (404)
# Headers
x-cloud-error-codes: accounts.not_found

# Payload
{
  "errors": [
    {
      "code": "string",
      "message": "string",
      "fields": [
        "string"
      ]
    }
  ]
}

Updates the current account

PUT /account

Updates the current account.

Body Required

the current account

  • trust object

    Settings related to the level of trust of the clusters in this account

    Additional properties are allowed.

    Hide trust attribute Show trust attribute object
    • trust_all boolean Required

      If true, all clusters in this account will by default trust all other clusters in the same account

Responses

  • Account updated successfully

    Hide response attributes Show response attributes object
    • id string Required

      The account's identifier

    • trust object

      Settings related to the level of trust of the clusters in this account

      Additional properties are allowed.

      Hide trust attribute Show trust attribute object
      • trust_all boolean Required

        If true, all clusters in this account will by default trust all other clusters in the same account

  • Account not found. (code: accounts.not_found)

    Hide headers attribute Show headers attribute
    Hide response attribute Show response attribute object
    • errors array[object] Required

      A list of errors that occurred in the failing request

      Hide errors attributes Show errors attributes object
      • code string Required

        A structured code representing the error type that occurred

      • message string Required

        A human readable message describing the error that occurred

      • fields array[string]

        If the error can be tied to a specific field or fields in the user request, this lists those fields

PUT /account
curl \
 -X PUT https://{{hostname}}/api/v1/account \
 -d '{"trust":{"trust_all":true}}'
Request examples
{
  "trust": {
    "trust_all": true
  }
}
Response examples (200)
{
  "id": "string",
  "trust": {
    "trust_all": true
  }
}
Response examples (404)
# Headers
x-cloud-error-codes: accounts.not_found

# Payload
{
  "errors": [
    {
      "code": "string",
      "message": "string",
      "fields": [
        "string"
      ]
    }
  ]
}

Updates the current account

PATCH /account

Updates the current account.

Body Required

All changes in the specified object are applied to the current account according to the JSON Merge Patch processing rules. Omitting existing fields causes the same values to be reapplied. Specifying a null value reverts the field to the default value, or removes the field when no default value exists.

string string

Responses

  • Account updated successfully

    Hide response attributes Show response attributes object
    • id string Required

      The account's identifier

    • trust object

      Settings related to the level of trust of the clusters in this account

      Additional properties are allowed.

      Hide trust attribute Show trust attribute object
      • trust_all boolean Required

        If true, all clusters in this account will by default trust all other clusters in the same account

  • Account not found. (code: accounts.not_found)

    Hide headers attribute Show headers attribute
    Hide response attribute Show response attribute object
    • errors array[object] Required

      A list of errors that occurred in the failing request

      Hide errors attributes Show errors attributes object
      • code string Required

        A structured code representing the error type that occurred

      • message string Required

        A human readable message describing the error that occurred

      • fields array[string]

        If the error can be tied to a specific field or fields in the user request, this lists those fields

PATCH /account
curl \
 -X PATCH https://{{hostname}}/api/v1/account \
 -d '"string"'
Request examples
string
Response examples (200)
{
  "id": "string",
  "trust": {
    "trust_all": true
  }
}
Response examples (404)
# Headers
x-cloud-error-codes: accounts.not_found

# Payload
{
  "errors": [
    {
      "code": "string",
      "message": "string",
      "fields": [
        "string"
      ]
    }
  ]
}

Authentication

Manage your Elasticsearch Service API keys.

User authentication information

GET /users/auth

Provides authentication information about a user, including elevated permission status and TOTP device availability.

Responses

  • User authentication information response

    Hide response attributes Show response attributes object
GET /users/auth
curl \
 -X GET https://{{hostname}}/api/v1/users/auth
Response examples (200)
{
  "has_totp_device": true,
  "totp_device_source": "string",
  "has_elevated_permissions": true,
  "elevated_permissions_expire_at": "2025-05-04T09:42:00+00:00",
  "totp_device_source_enable_mfa_href": "string",
  "refresh_token_url": "string",
  "expires_at": "2025-05-04T09:42:00+00:00"
}

Login to ECE

POST /users/auth/_login

Authenticates against available users.

Body Required

The login request

  • username string Required

    The username part of the login request

  • password string Required

    The plain text password part of the login request

  • Configure how the API responds after a successful login.

    Additional properties are allowed.

    Hide login_state attribute Show login_state attribute object
    • path string

      The path to which to redirect post login - if not specified then no redirect is performed, instead 200 is returned with the token in the body

Responses

  • Login successful, returns the token in the body (if 'login_state.path' not specified)

    Hide response attributes Show response attributes object
    • token string Required

      The authorization bearer token that you use in subsequent requests

    • session_expiration_time string(date-time) Required

      The time that the session token will expire

  • Redirects to '/sso/token#BEARER_TOKEN?state=LOGIN_STATE' with the fragment containing a bearer token (if 'login_state.path' is specified)

    Additional properties are allowed.

  • The supplied authentication is invalid. (code: root.unauthenticated)

    Hide headers attribute Show headers attribute
    Hide response attribute Show response attribute object
    • errors array[object] Required

      A list of errors that occurred in the failing request

      Hide errors attributes Show errors attributes object
      • code string Required

        A structured code representing the error type that occurred

      • message string Required

        A human readable message describing the error that occurred

      • fields array[string]

        If the error can be tied to a specific field or fields in the user request, this lists those fields

  • The administrator needs to configure the authentication cluster. (code: authc.no_authentication_cluster)

    Hide headers attribute Show headers attribute
    • The error codes associated with the response

      Value is authc.no_authentication_cluster.

    Hide response attribute Show response attribute object
    • errors array[object] Required

      A list of errors that occurred in the failing request

      Hide errors attributes Show errors attributes object
      • code string Required

        A structured code representing the error type that occurred

      • message string Required

        A human readable message describing the error that occurred

      • fields array[string]

        If the error can be tied to a specific field or fields in the user request, this lists those fields

  • The authentication cluster failed to process the request. The response body contains details about the error. (code: authc.authentication_cluster_error)

    Hide headers attribute Show headers attribute
    • The error codes associated with the response

      Value is authc.authentication_cluster_error.

    Hide response attribute Show response attribute object
    • errors array[object] Required

      A list of errors that occurred in the failing request

      Hide errors attributes Show errors attributes object
      • code string Required

        A structured code representing the error type that occurred

      • message string Required

        A human readable message describing the error that occurred

      • fields array[string]

        If the error can be tied to a specific field or fields in the user request, this lists those fields

POST /users/auth/_login
curl \
 -X POST https://{{hostname}}/api/v1/users/auth/_login \
 -d '{"username":"string","password":"string","login_state":{"path":"string"}}'
Request examples
{
  "username": "string",
  "password": "string",
  "login_state": {
    "path": "string"
  }
}
Response examples (200)
{
  "token": "string",
  "session_expiration_time": "2025-05-04T09:42:00+00:00"
}
Response examples (302)
{}
Response examples (401)
# Headers
x-cloud-error-codes: root.unauthenticated

# Payload
{
  "errors": [
    {
      "code": "string",
      "message": "string",
      "fields": [
        "string"
      ]
    }
  ]
}
Response examples (501)
# Headers
x-cloud-error-codes: authc.no_authentication_cluster

# Payload
{
  "errors": [
    {
      "code": "string",
      "message": "string",
      "fields": [
        "string"
      ]
    }
  ]
}
Response examples (502)
# Headers
x-cloud-error-codes: authc.authentication_cluster_error

# Payload
{
  "errors": [
    {
      "code": "string",
      "message": "string",
      "fields": [
        "string"
      ]
    }
  ]
}

Logout from ECE

POST /users/auth/_logout

Destroys the current session.

Responses

  • The current session was successfully destroyed.

    Additional properties are allowed.

  • The administrator needs to configure the authentication cluster. (code: authc.no_authentication_cluster)

    Hide headers attribute Show headers attribute
    • The error codes associated with the response

      Value is authc.no_authentication_cluster.

    Hide response attribute Show response attribute object
    • errors array[object] Required

      A list of errors that occurred in the failing request

      Hide errors attributes Show errors attributes object
      • code string Required

        A structured code representing the error type that occurred

      • message string Required

        A human readable message describing the error that occurred

      • fields array[string]

        If the error can be tied to a specific field or fields in the user request, this lists those fields

  • The authentication cluster failed to process the request. The response body contains details about the error. (code: authc.authentication_cluster_error)

    Hide headers attribute Show headers attribute
    • The error codes associated with the response

      Value is authc.authentication_cluster_error.

    Hide response attribute Show response attribute object
    • errors array[object] Required

      A list of errors that occurred in the failing request

      Hide errors attributes Show errors attributes object
      • code string Required

        A structured code representing the error type that occurred

      • message string Required

        A human readable message describing the error that occurred

      • fields array[string]

        If the error can be tied to a specific field or fields in the user request, this lists those fields

POST /users/auth/_logout
curl \
 -X POST https://{{hostname}}/api/v1/users/auth/_logout
Response examples (200)
{}
Response examples (501)
# Headers
x-cloud-error-codes: authc.no_authentication_cluster

# Payload
{
  "errors": [
    {
      "code": "string",
      "message": "string",
      "fields": [
        "string"
      ]
    }
  ]
}
Response examples (502)
# Headers
x-cloud-error-codes: authc.authentication_cluster_error

# Payload
{
  "errors": [
    {
      "code": "string",
      "message": "string",
      "fields": [
        "string"
      ]
    }
  ]
}

Refresh authentication token

POST /users/auth/_refresh

Issues a new authentication token.

Responses

  • The token refreshed successfully and was returned in the body of the response.

    Hide response attributes Show response attributes object
    • token string Required

      The authorization bearer token that you use in subsequent requests

    • session_expiration_time string(date-time) Required

      The time that the session token will expire

  • The authentication token is invalid or expired. (code: root.unauthorized)

    Hide headers attribute Show headers attribute
    Hide response attribute Show response attribute object
    • errors array[object] Required

      A list of errors that occurred in the failing request

      Hide errors attributes Show errors attributes object
      • code string Required

        A structured code representing the error type that occurred

      • message string Required

        A human readable message describing the error that occurred

      • fields array[string]

        If the error can be tied to a specific field or fields in the user request, this lists those fields

  • The administrator needs to configure the authentication cluster. (code: authc.no_authentication_cluster)

    Hide headers attribute Show headers attribute
    • The error codes associated with the response

      Value is authc.no_authentication_cluster.

    Hide response attribute Show response attribute object
    • errors array[object] Required

      A list of errors that occurred in the failing request

      Hide errors attributes Show errors attributes object
      • code string Required

        A structured code representing the error type that occurred

      • message string Required

        A human readable message describing the error that occurred

      • fields array[string]

        If the error can be tied to a specific field or fields in the user request, this lists those fields

  • The authentication cluster failed to process the request. The response body contains details about the error. (code: authc.authentication_cluster_error)

    Hide headers attribute Show headers attribute
    • The error codes associated with the response

      Value is authc.authentication_cluster_error.

    Hide response attribute Show response attribute object
    • errors array[object] Required

      A list of errors that occurred in the failing request

      Hide errors attributes Show errors attributes object
      • code string Required

        A structured code representing the error type that occurred

      • message string Required

        A human readable message describing the error that occurred

      • fields array[string]

        If the error can be tied to a specific field or fields in the user request, this lists those fields

POST /users/auth/_refresh
curl \
 -X POST https://{{hostname}}/api/v1/users/auth/_refresh
Response examples (200)
{
  "token": "string",
  "session_expiration_time": "2025-05-04T09:42:00+00:00"
}
Response examples (401)
# Headers
x-cloud-error-codes: root.unauthorized

# Payload
{
  "errors": [
    {
      "code": "string",
      "message": "string",
      "fields": [
        "string"
      ]
    }
  ]
}
Response examples (501)
# Headers
x-cloud-error-codes: authc.no_authentication_cluster

# Payload
{
  "errors": [
    {
      "code": "string",
      "message": "string",
      "fields": [
        "string"
      ]
    }
  ]
}
Response examples (502)
# Headers
x-cloud-error-codes: authc.authentication_cluster_error

# Payload
{
  "errors": [
    {
      "code": "string",
      "message": "string",
      "fields": [
        "string"
      ]
    }
  ]
}

Get all API keys

GET /users/auth/keys

Retrieves the metadata for all of the API keys that the user generated.

Responses

  • The metadata for the API keys is retrieved.

    Hide response attribute Show response attribute object
    • keys array[object] Required

      The list of API keys.

      Hide keys attributes Show keys attributes object
      • id string Required

        The API key ID.

      • user_id string

        The user ID.

      • The organization ID linked to the API key

      • description string Required

        The API key description. TIP: Useful when you have multiple API keys.

      • key string

        The API key. TIP: Since the API key is returned only once, save it in a safe place.

      • creation_date string(date-time) Required

        The date/time for when the API key is created.

      • expiration_date string(date-time)

        The date/time when the API key expires.

GET /users/auth/keys
curl \
 -X GET https://{{hostname}}/api/v1/users/auth/keys
Response examples (200)
{
  "keys": [
    {
      "id": "string",
      "user_id": "string",
      "organization_id": "string",
      "description": "string",
      "key": "string",
      "creation_date": "2025-05-04T09:42:00+00:00",
      "expiration_date": "2025-05-04T09:42:00+00:00"
    }
  ]
}