Elastic Cloud Enterprise API
1

Base URL
https://{{hostname}}/api/v1

This RESTful API enables you to create and manage both your Elastic Stack deployments and the ECE platform.

NOTE: This documentation applies to the Elastic Cloud Enterprise API only. If you are using Elasticsearch Service, use the Elastic Cloud API.

This API supports both key-based and token-based authentication. Key-based is generally the preferred method. For details about creating an API key or bearer token, refer to Authentication.

Documentation source and versions

This documentation is derived from https://api.elastic-cloud.com/api/v1/api-docs/swagger.json. It is provided under license Attribution-NonCommercial-NoDerivatives 4.0 International.

This is version 1 of this API documentation. Last update on Oct 29, 2024.

Authentication

The API accepts 2 different authentication methods:

Basic auth (http)

Basic auth tokens are constructed with the Basic keyword, followed by a space, followed by a base64-encoded string of your username:password (separated by a : colon).

Example: send a Authorization: Basic aGVsbG86aGVsbG8= HTTP header with your requests to authenticate with the API.

Api key (http_api_key)

Send an authentication token in the Authorization header to authenticate with the API.

Accounts

Retrieve and update the current Elasticsearch Service account.

Fetch current account information

GET /account

Fetch current account information.

Responses

  • Account fetched successfully

    Hide response attributes Show response attributes object
    • id string Required

      The account's identifier

    • trust object

      Settings related to the level of trust of the clusters in this account

      Additional properties are allowed.

      Hide trust attribute Show trust attribute object
      • trust_all boolean Required

        If true, all clusters in this account will by default trust all other clusters in the same account

  • Account not found. (code: accounts.not_found)

    Hide headers attribute Show headers attribute
    Hide response attribute Show response attribute object
    • errors array[object] Required

      A list of errors that occurred in the failing request

      Hide errors attributes Show errors attributes object
      • code string Required

        A structured code representing the error type that occurred

      • message string Required

        A human readable message describing the error that occurred

      • fields array[string]

        If the error can be tied to a specific field or fields in the user request, this lists those fields

GET /account
curl \
 -X GET https://{{hostname}}/api/v1/account
Response examples (200)
{
  "id": "string",
  "trust": {
    "trust_all": true
  }
}
Response examples (404)
# Headers
x-cloud-error-codes: accounts.not_found

# Payload
{
  "errors": [
    {
      "code": "string",
      "message": "string",
      "fields": [
        "string"
      ]
    }
  ]
}

Updates the current account

PUT /account

Updates the current account.

Body Required

the current account

  • trust object

    Settings related to the level of trust of the clusters in this account

    Additional properties are allowed.

    Hide trust attribute Show trust attribute object
    • trust_all boolean Required

      If true, all clusters in this account will by default trust all other clusters in the same account

Responses

  • Account updated successfully

    Hide response attributes Show response attributes object
    • id string Required

      The account's identifier

    • trust object

      Settings related to the level of trust of the clusters in this account

      Additional properties are allowed.

      Hide trust attribute Show trust attribute object
      • trust_all boolean Required

        If true, all clusters in this account will by default trust all other clusters in the same account

  • Account not found. (code: accounts.not_found)

    Hide headers attribute Show headers attribute
    Hide response attribute Show response attribute object
    • errors array[object] Required

      A list of errors that occurred in the failing request

      Hide errors attributes Show errors attributes object
      • code string Required

        A structured code representing the error type that occurred

      • message string Required

        A human readable message describing the error that occurred

      • fields array[string]

        If the error can be tied to a specific field or fields in the user request, this lists those fields

PUT /account
curl \
 -X PUT https://{{hostname}}/api/v1/account \
 -d '{"trust":{"trust_all":true}}'
Request examples
{
  "trust": {
    "trust_all": true
  }
}
Response examples (200)
{
  "id": "string",
  "trust": {
    "trust_all": true
  }
}
Response examples (404)
# Headers
x-cloud-error-codes: accounts.not_found

# Payload
{
  "errors": [
    {
      "code": "string",
      "message": "string",
      "fields": [
        "string"
      ]
    }
  ]
}

Updates the current account

PATCH /account

Updates the current account.

Body Required

All changes in the specified object are applied to the current account according to the JSON Merge Patch processing rules. Omitting existing fields causes the same values to be reapplied. Specifying a null value reverts the field to the default value, or removes the field when no default value exists.

string string

Responses

  • Account updated successfully

    Hide response attributes Show response attributes object
    • id string Required

      The account's identifier

    • trust object

      Settings related to the level of trust of the clusters in this account

      Additional properties are allowed.

      Hide trust attribute Show trust attribute object
      • trust_all boolean Required

        If true, all clusters in this account will by default trust all other clusters in the same account

  • Account not found. (code: accounts.not_found)

    Hide headers attribute Show headers attribute
    Hide response attribute Show response attribute object
    • errors array[object] Required

      A list of errors that occurred in the failing request

      Hide errors attributes Show errors attributes object
      • code string Required

        A structured code representing the error type that occurred

      • message string Required

        A human readable message describing the error that occurred

      • fields array[string]

        If the error can be tied to a specific field or fields in the user request, this lists those fields

PATCH /account
curl \
 -X PATCH https://{{hostname}}/api/v1/account \
 -d '"string"'
Request examples
string
Response examples (200)
{
  "id": "string",
  "trust": {
    "trust_all": true
  }
}
Response examples (404)
# Headers
x-cloud-error-codes: accounts.not_found

# Payload
{
  "errors": [
    {
      "code": "string",
      "message": "string",
      "fields": [
        "string"
      ]
    }
  ]
}

Authentication

Manage your Elasticsearch Service API keys.

User authentication information

GET /users/auth

Provides authentication information about a user, including elevated permission status and TOTP device availability.

Responses

  • User authentication information response

    Hide response attributes Show response attributes object
GET /users/auth
curl \
 -X GET https://{{hostname}}/api/v1/users/auth
Response examples (200)
{
  "has_totp_device": true,
  "totp_device_source": "string",
  "has_elevated_permissions": true,
  "elevated_permissions_expire_at": "2025-05-04T09:42:00+00:00",
  "totp_device_source_enable_mfa_href": "string",
  "refresh_token_url": "string",
  "expires_at": "2025-05-04T09:42:00+00:00"
}

Login to ECE

POST /users/auth/_login

Authenticates against available users.

Body Required

The login request

  • username string Required

    The username part of the login request

  • password string Required

    The plain text password part of the login request

  • Configure how the API responds after a successful login.

    Additional properties are allowed.

    Hide login_state attribute Show login_state attribute object
    • path string

      The path to which to redirect post login - if not specified then no redirect is performed, instead 200 is returned with the token in the body

Responses

  • Login successful, returns the token in the body (if 'login_state.path' not specified)

    Hide response attributes Show response attributes object
    • token string Required

      The authorization bearer token that you use in subsequent requests

    • session_expiration_time string(date-time) Required

      The time that the session token will expire

  • Redirects to '/sso/token#BEARER_TOKEN?state=LOGIN_STATE' with the fragment containing a bearer token (if 'login_state.path' is specified)

    Additional properties are allowed.

  • The supplied authentication is invalid. (code: root.unauthenticated)

    Hide headers attribute Show headers attribute
    Hide response attribute Show response attribute object
    • errors array[object] Required

      A list of errors that occurred in the failing request

      Hide errors attributes Show errors attributes object
      • code string Required

        A structured code representing the error type that occurred

      • message string Required

        A human readable message describing the error that occurred

      • fields array[string]

        If the error can be tied to a specific field or fields in the user request, this lists those fields

  • The administrator needs to configure the authentication cluster. (code: authc.no_authentication_cluster)

    Hide headers attribute Show headers attribute
    • The error codes associated with the response

      Value is authc.no_authentication_cluster.

    Hide response attribute Show response attribute object
    • errors array[object] Required

      A list of errors that occurred in the failing request

      Hide errors attributes Show errors attributes object
      • code string Required

        A structured code representing the error type that occurred

      • message string Required

        A human readable message describing the error that occurred

      • fields array[string]

        If the error can be tied to a specific field or fields in the user request, this lists those fields

  • The authentication cluster failed to process the request. The response body contains details about the error. (code: authc.authentication_cluster_error)

    Hide headers attribute Show headers attribute
    • The error codes associated with the response

      Value is authc.authentication_cluster_error.

    Hide response attribute Show response attribute object
    • errors array[object] Required

      A list of errors that occurred in the failing request

      Hide errors attributes Show errors attributes object
      • code string Required

        A structured code representing the error type that occurred

      • message string Required

        A human readable message describing the error that occurred

      • fields array[string]

        If the error can be tied to a specific field or fields in the user request, this lists those fields

POST /users/auth/_login
curl \
 -X POST https://{{hostname}}/api/v1/users/auth/_login \
 -d '{"username":"string","password":"string","login_state":{"path":"string"}}'
Request examples
{
  "username": "string",
  "password": "string",
  "login_state": {
    "path": "string"
  }
}
Response examples (200)
{
  "token": "string",
  "session_expiration_time": "2025-05-04T09:42:00+00:00"
}
Response examples (302)
{}
Response examples (401)
# Headers
x-cloud-error-codes: root.unauthenticated

# Payload
{
  "errors": [
    {
      "code": "string",
      "message": "string",
      "fields": [
        "string"
      ]
    }
  ]
}
Response examples (501)
# Headers
x-cloud-error-codes: authc.no_authentication_cluster

# Payload
{
  "errors": [
    {
      "code": "string",
      "message": "string",
      "fields": [
        "string"
      ]
    }
  ]
}
Response examples (502)
# Headers
x-cloud-error-codes: authc.authentication_cluster_error

# Payload
{
  "errors": [
    {
      "code": "string",
      "message": "string",
      "fields": [
        "string"
      ]
    }
  ]
}