Elastic Cloud API
1

Base URL
https://api.elastic-cloud.com/api/v1

This RESTful API enables you to perform most of the operations available in the UI console through API calls.

You can create an API key to quickly and easily authenticate, then use the API to create and manage deployments, configure remote clusters, set up traffic filters, manage extensions, and much more. Access the API from its base URL at api.elastic-cloud.com. For details about creating an API key, refer to Access and authentication.

To manage your serverless projects, use the Elastic Cloud Serverless API.

Documentation source and versions

This documentation is derived from https://api.elastic-cloud.com/api/v1/api-docs-user/swagger.json. It is provided under license Attribution-NonCommercial-NoDerivatives 4.0 International.

This is version 1 of this API documentation. Last update on Dec 12, 2024.

Authentication

Api key (http_api_key)

Send an authentication token in the Authorization header to authenticate with the API.

Principles

The Elasticsearch Service API is built on REST. This means that:

  • URLs are based on resource IDs.
  • JSON is the data interchange format.
  • Standard HTTP response codes and verbs are used.

RESTful API calls are stateless. Every request that you make happens in isolation from other calls and must include all the information necessary for Elasticsearch Service to fulfill the request. API requests return JSON output, which is a format that is machine-readable and works well for automation.

Calls to API endpoints require different request methods, depending on what they do. You use these four request methods to communicate with the Elasticsearch Service RESTful API:

  • To fetch a resource: GET
  • To create a new resource: POST
  • To update an existing resource: PUT or PATCH
  • To delete a resource: DELETE

Rate limiting

API calls are rate limited in a timing window. The current remaining available calls quota is available through the following header fields, included in each API call response:

  • x-ratelimit-interval - The time duration for the quota calculation.
  • x-ratelimit-remaining - The remaining number of API calls available.
  • x-ratelimit-limit - The total number of calls available in the duration x-ratelimit-interval.

Accounts

Retrieve and update the current Elasticsearch Service account.

Fetch current account information

GET /account

Fetch current account information.

Responses

  • Account fetched successfully

    Hide response attributes Show response attributes object
    • id string Required

      The account's identifier

    • trust object

      Settings related to the level of trust of the clusters in this account

      Additional properties are allowed.

      Hide trust attribute Show trust attribute object
      • trust_all boolean Required

        If true, all clusters in this account will by default trust all other clusters in the same account

  • Account not found. (code: accounts.not_found)

    Hide headers attribute Show headers attribute
    Hide response attribute Show response attribute object
    • errors array[object] Required

      A list of errors that occurred in the failing request

      Hide errors attributes Show errors attributes object
      • code string Required

        A structured code representing the error type that occurred

      • message string Required

        A human readable message describing the error that occurred

      • fields array[string]

        If the error can be tied to a specific field or fields in the user request, this lists those fields

GET /account
curl \
 -X GET https://api.elastic-cloud.com/api/v1/account
Response examples (200)
{
  "id": "string",
  "trust": {
    "trust_all": true
  }
}
Response examples (404)
# Headers
x-cloud-error-codes: accounts.not_found

# Payload
{
  "errors": [
    {
      "code": "string",
      "message": "string",
      "fields": [
        "string"
      ]
    }
  ]
}

Updates the current account

PUT /account

Updates the current account.

Body Required

the current account

  • trust object

    Settings related to the level of trust of the clusters in this account

    Additional properties are allowed.

    Hide trust attribute Show trust attribute object
    • trust_all boolean Required

      If true, all clusters in this account will by default trust all other clusters in the same account

Responses

  • Account updated successfully

    Hide response attributes Show response attributes object
    • id string Required

      The account's identifier

    • trust object

      Settings related to the level of trust of the clusters in this account

      Additional properties are allowed.

      Hide trust attribute Show trust attribute object
      • trust_all boolean Required

        If true, all clusters in this account will by default trust all other clusters in the same account

  • Account not found. (code: accounts.not_found)

    Hide headers attribute Show headers attribute
    Hide response attribute Show response attribute object
    • errors array[object] Required

      A list of errors that occurred in the failing request

      Hide errors attributes Show errors attributes object
      • code string Required

        A structured code representing the error type that occurred

      • message string Required

        A human readable message describing the error that occurred

      • fields array[string]

        If the error can be tied to a specific field or fields in the user request, this lists those fields

PUT /account
curl \
 -X PUT https://api.elastic-cloud.com/api/v1/account \
 -d '{"trust":{"trust_all":true}}'
Request examples
{
  "trust": {
    "trust_all": true
  }
}
Response examples (200)
{
  "id": "string",
  "trust": {
    "trust_all": true
  }
}
Response examples (404)
# Headers
x-cloud-error-codes: accounts.not_found

# Payload
{
  "errors": [
    {
      "code": "string",
      "message": "string",
      "fields": [
        "string"
      ]
    }
  ]
}

Updates the current account

PATCH /account

Updates the current account.

Body Required

All changes in the specified object are applied to the current account according to the JSON Merge Patch processing rules. Omitting existing fields causes the same values to be reapplied. Specifying a null value reverts the field to the default value, or removes the field when no default value exists.

string string

Responses

  • Account updated successfully

    Hide response attributes Show response attributes object
    • id string Required

      The account's identifier

    • trust object

      Settings related to the level of trust of the clusters in this account

      Additional properties are allowed.

      Hide trust attribute Show trust attribute object
      • trust_all boolean Required

        If true, all clusters in this account will by default trust all other clusters in the same account

  • Account not found. (code: accounts.not_found)

    Hide headers attribute Show headers attribute
    Hide response attribute Show response attribute object
    • errors array[object] Required

      A list of errors that occurred in the failing request

      Hide errors attributes Show errors attributes object
      • code string Required

        A structured code representing the error type that occurred

      • message string Required

        A human readable message describing the error that occurred

      • fields array[string]

        If the error can be tied to a specific field or fields in the user request, this lists those fields

PATCH /account
curl \
 -X PATCH https://api.elastic-cloud.com/api/v1/account \
 -d '"string"'
Request examples
string
Response examples (200)
{
  "id": "string",
  "trust": {
    "trust_all": true
  }
}
Response examples (404)
# Headers
x-cloud-error-codes: accounts.not_found

# Payload
{
  "errors": [
    {
      "code": "string",
      "message": "string",
      "fields": [
        "string"
      ]
    }
  ]
}

Authentication

Manage your Elasticsearch Service API keys.

Get all API keys

GET /users/auth/keys

Retrieves the metadata for all of the API keys that the user generated.

Responses

  • The metadata for the API keys is retrieved.

    Hide response attribute Show response attribute object
    • keys array[object] Required

      The list of API keys.

      Hide keys attributes Show keys attributes object
      • id string Required

        The API key ID.

      • user_id string

        The user ID.

      • The organization ID linked to the API key

      • description string Required

        The API key description. TIP: Useful when you have multiple API keys.

      • key string

        The API key. TIP: Since the API key is returned only once, save it in a safe place.

      • creation_date string(date-time) Required

        The date/time for when the API key is created.

      • expiration_date string(date-time)

        The date/time when the API key expires.

      • The roles that will be assigned to users once they accept the invitation. Currently unavailable in self-hosted ECE.

        Additional properties are allowed.

        Hide role_assignments attributes Show role_assignments attributes object
        • platform array[object]

          Assignments for roles with platform scope.

          Hide platform attribute Show platform attribute object
          • role_id string Required

            The ID of the role that is assigned.

        • organization array[object]

          Assignments for roles with organization scope.

          Hide organization attributes Show organization attributes object
          • role_id string Required

            The ID of the role that is assigned.

          • organization_id string Required

            The ID of the organization the role is scoped to.

        • deployment array[object]

          Assignments for roles with deployment scope.

          Hide deployment attributes Show deployment attributes object
          • role_id string Required

            The ID of the role that is assigned.

          • organization_id string Required

            The ID of the organization the role is scoped to.

          • all boolean

            When true, the role applies to all deployments in the organization, otherwise the role is scoped to the deployments specified in deployment_ids.

          • deployment_ids array[string]

            The IDs of the deployments the role is scoped to. Must be absent if all is true, and present if all is false.

          • application_roles array[string]

            If provided, the user assigned this role assignment will be granted this application role when signing in to the deployment(s) specified in the role assignment.

        • project object

          Assignments for roles with project scope.

          Additional properties are allowed.

          Hide project attributes Show project attributes object
          • elasticsearch array[object]

            The Elasticsearch project-scoped role assignments to set

            Hide elasticsearch attributes Show elasticsearch attributes object
            • role_id string Required

              The ID of the role that is assigned.

            • organization_id string Required

              The ID of the organization the role is scoped to.

            • all boolean

              When true, the role applies to all projects in the organization, otherwise the role is scoped to the projects specified in project_ids.

            • project_ids array[string]

              The IDs of the projects the role is scoped to. Must be absent if all is true, and present if all is false.

            • application_roles array[string]

              If provided, the user assigned this role assignment will be granted this application role when signing in to the project(s) specified in the role assignment.

          • observability array[object]

            The Observability project-scoped role assignments to set

            Hide observability attributes Show observability attributes object
            • role_id string Required

              The ID of the role that is assigned.

            • organization_id string Required

              The ID of the organization the role is scoped to.

            • all boolean

              When true, the role applies to all projects in the organization, otherwise the role is scoped to the projects specified in project_ids.

            • project_ids array[string]

              The IDs of the projects the role is scoped to. Must be absent if all is true, and present if all is false.

            • application_roles array[string]

              If provided, the user assigned this role assignment will be granted this application role when signing in to the project(s) specified in the role assignment.

          • security array[object]

            The Security project-scoped role assignments to set

            Hide security attributes Show security attributes object
            • role_id string Required

              The ID of the role that is assigned.

            • organization_id string Required

              The ID of the organization the role is scoped to.

            • all boolean

              When true, the role applies to all projects in the organization, otherwise the role is scoped to the projects specified in project_ids.

            • project_ids array[string]

              The IDs of the projects the role is scoped to. Must be absent if all is true, and present if all is false.

            • application_roles array[string]

              If provided, the user assigned this role assignment will be granted this application role when signing in to the project(s) specified in the role assignment.

GET /users/auth/keys
curl \
 -X GET https://api.elastic-cloud.com/api/v1/users/auth/keys
Response examples (200)
{
  "keys": [
    {
      "id": "string",
      "user_id": "string",
      "organization_id": "string",
      "description": "string",
      "key": "string",
      "creation_date": "2025-05-04T09:42:00+00:00",
      "expiration_date": "2025-05-04T09:42:00+00:00",
      "role_assignments": {
        "platform": [
          {
            "role_id": "string"
          }
        ],
        "organization": [
          {
            "role_id": "string",
            "organization_id": "string"
          }
        ],
        "deployment": [
          {
            "role_id": "string",
            "organization_id": "string",
            "all": true,
            "deployment_ids": [
              "string"
            ],
            "application_roles": [
              "string"
            ]
          }
        ],
        "project": {
          "elasticsearch": [
            {
              "role_id": "string",
              "organization_id": "string",
              "all": true,
              "project_ids": [
                "string"
              ],
              "application_roles": [
                "string"
              ]
            }
          ],
          "observability": [
            {
              "role_id": "string",
              "organization_id": "string",
              "all": true,
              "project_ids": [
                "string"
              ],
              "application_roles": [
                "string"
              ]
            }
          ],
          "security": [
            {
              "role_id": "string",
              "organization_id": "string",
              "all": true,
              "project_ids": [
                "string"
              ],
              "application_roles": [
                "string"
              ]
            }
          ]
        }
      }
    }
  ]
}

Create API key

POST /users/auth/keys

Creates a new API key.

Body Required

The request to create the API key

  • description string Required

    API key description. Useful if there are multiple keys

  • The optional expiration for the API key, provided as a duration (ex: '1d', '3h')

  • The roles that will be assigned to users once they accept the invitation. Currently unavailable in self-hosted ECE.

    Additional properties are allowed.

    Hide role_assignments attributes Show role_assignments attributes object
    • platform array[object]

      Assignments for roles with platform scope.

      Hide platform attribute Show platform attribute object
      • role_id string Required

        The ID of the role that is assigned.

    • organization array[object]

      Assignments for roles with organization scope.

      Hide organization attributes Show organization attributes object
      • role_id string Required

        The ID of the role that is assigned.

      • organization_id string Required

        The ID of the organization the role is scoped to.

    • deployment array[object]

      Assignments for roles with deployment scope.

      Hide deployment attributes Show deployment attributes object
      • role_id string Required

        The ID of the role that is assigned.

      • organization_id string Required

        The ID of the organization the role is scoped to.

      • all boolean

        When true, the role applies to all deployments in the organization, otherwise the role is scoped to the deployments specified in deployment_ids.

      • deployment_ids array[string]

        The IDs of the deployments the role is scoped to. Must be absent if all is true, and present if all is false.

      • application_roles array[string]

        If provided, the user assigned this role assignment will be granted this application role when signing in to the deployment(s) specified in the role assignment.

    • project object

      Assignments for roles with project scope.

      Additional properties are allowed.

      Hide project attributes Show project attributes object
      • elasticsearch array[object]

        The Elasticsearch project-scoped role assignments to set

        Hide elasticsearch attributes Show elasticsearch attributes object
        • role_id string Required

          The ID of the role that is assigned.

        • organization_id string Required

          The ID of the organization the role is scoped to.

        • all boolean

          When true, the role applies to all projects in the organization, otherwise the role is scoped to the projects specified in project_ids.

        • project_ids array[string]

          The IDs of the projects the role is scoped to. Must be absent if all is true, and present if all is false.

        • application_roles array[string]

          If provided, the user assigned this role assignment will be granted this application role when signing in to the project(s) specified in the role assignment.

      • observability array[object]

        The Observability project-scoped role assignments to set

        Hide observability attributes Show observability attributes object
        • role_id string Required

          The ID of the role that is assigned.

        • organization_id string Required

          The ID of the organization the role is scoped to.

        • all boolean

          When true, the role applies to all projects in the organization, otherwise the role is scoped to the projects specified in project_ids.

        • project_ids array[string]

          The IDs of the projects the role is scoped to. Must be absent if all is true, and present if all is false.

        • application_roles array[string]

          If provided, the user assigned this role assignment will be granted this application role when signing in to the project(s) specified in the role assignment.

      • security array[object]

        The Security project-scoped role assignments to set

        Hide security attributes Show security attributes object
        • role_id string Required

          The ID of the role that is assigned.

        • organization_id string Required

          The ID of the organization the role is scoped to.

        • all boolean

          When true, the role applies to all projects in the organization, otherwise the role is scoped to the projects specified in project_ids.

        • project_ids array[string]

          The IDs of the projects the role is scoped to. Must be absent if all is true, and present if all is false.

        • application_roles array[string]

          If provided, the user assigned this role assignment will be granted this application role when signing in to the project(s) specified in the role assignment.

Responses

  • The API key is created and returned in the body of the response.

    Hide response attributes Show response attributes object
    • id string Required

      The API key ID.

    • user_id string

      The user ID.

    • The organization ID linked to the API key

    • description string Required

      The API key description. TIP: Useful when you have multiple API keys.

    • key string

      The API key. TIP: Since the API key is returned only once, save it in a safe place.

    • creation_date string(date-time) Required

      The date/time for when the API key is created.

    • expiration_date string(date-time)

      The date/time when the API key expires.

    • The roles that will be assigned to users once they accept the invitation. Currently unavailable in self-hosted ECE.

      Additional properties are allowed.

      Hide role_assignments attributes Show role_assignments attributes object
      • platform array[object]

        Assignments for roles with platform scope.

        Hide platform attribute Show platform attribute object
        • role_id string Required

          The ID of the role that is assigned.

      • organization array[object]

        Assignments for roles with organization scope.

        Hide organization attributes Show organization attributes object
        • role_id string Required

          The ID of the role that is assigned.

        • organization_id string Required

          The ID of the organization the role is scoped to.

      • deployment array[object]

        Assignments for roles with deployment scope.

        Hide deployment attributes Show deployment attributes object
        • role_id string Required

          The ID of the role that is assigned.

        • organization_id string Required

          The ID of the organization the role is scoped to.

        • all boolean

          When true, the role applies to all deployments in the organization, otherwise the role is scoped to the deployments specified in deployment_ids.

        • deployment_ids array[string]

          The IDs of the deployments the role is scoped to. Must be absent if all is true, and present if all is false.

        • application_roles array[string]

          If provided, the user assigned this role assignment will be granted this application role when signing in to the deployment(s) specified in the role assignment.

      • project object

        Assignments for roles with project scope.

        Additional properties are allowed.

        Hide project attributes Show project attributes object
        • elasticsearch array[object]

          The Elasticsearch project-scoped role assignments to set

          Hide elasticsearch attributes Show elasticsearch attributes object
          • role_id string Required

            The ID of the role that is assigned.

          • organization_id string Required

            The ID of the organization the role is scoped to.

          • all boolean

            When true, the role applies to all projects in the organization, otherwise the role is scoped to the projects specified in project_ids.

          • project_ids array[string]

            The IDs of the projects the role is scoped to. Must be absent if all is true, and present if all is false.

          • application_roles array[string]

            If provided, the user assigned this role assignment will be granted this application role when signing in to the project(s) specified in the role assignment.

        • observability array[object]

          The Observability project-scoped role assignments to set

          Hide observability attributes Show observability attributes object
          • role_id string Required

            The ID of the role that is assigned.

          • organization_id string Required

            The ID of the organization the role is scoped to.

          • all boolean

            When true, the role applies to all projects in the organization, otherwise the role is scoped to the projects specified in project_ids.

          • project_ids array[string]

            The IDs of the projects the role is scoped to. Must be absent if all is true, and present if all is false.

          • application_roles array[string]

            If provided, the user assigned this role assignment will be granted this application role when signing in to the project(s) specified in the role assignment.

        • security array[object]

          The Security project-scoped role assignments to set

          Hide security attributes Show security attributes object
          • role_id string Required

            The ID of the role that is assigned.

          • organization_id string Required

            The ID of the organization the role is scoped to.

          • all boolean

            When true, the role applies to all projects in the organization, otherwise the role is scoped to the projects specified in project_ids.

          • project_ids array[string]

            The IDs of the projects the role is scoped to. Must be absent if all is true, and present if all is false.

          • application_roles array[string]

            If provided, the user assigned this role assignment will be granted this application role when signing in to the project(s) specified in the role assignment.

  • The request is invalid. Specify a different request, then try again. (code: api_keys.invalid_input)

    Hide headers attribute Show headers attribute
    • The error codes associated with the response

      Value is api_keys.invalid_input.

    Hide response attribute Show response attribute object
    • errors array[object] Required

      A list of errors that occurred in the failing request

      Hide errors attributes Show errors attributes object
      • code string Required

        A structured code representing the error type that occurred

      • message string Required

        A human readable message describing the error that occurred

      • fields array[string]

        If the error can be tied to a specific field or fields in the user request, this lists those fields

POST /users/auth/keys
curl \
 -X POST https://api.elastic-cloud.com/api/v1/users/auth/keys \
 -d '{"description":"string","expiration":"string","role_assignments":{"platform":[{"role_id":"string"}],"organization":[{"role_id":"string","organization_id":"string"}],"deployment":[{"role_id":"string","organization_id":"string","all":true,"deployment_ids":["string"],"application_roles":["string"]}],"project":{"elasticsearch":[{"role_id":"string","organization_id":"string","all":true,"project_ids":["string"],"application_roles":["string"]}],"observability":[{"role_id":"string","organization_id":"string","all":true,"project_ids":["string"],"application_roles":["string"]}],"security":[{"role_id":"string","organization_id":"string","all":true,"project_ids":["string"],"application_roles":["string"]}]}}}'
Request examples
{
  "description": "string",
  "expiration": "string",
  "role_assignments": {
    "platform": [
      {
        "role_id": "string"
      }
    ],
    "organization": [
      {
        "role_id": "string",
        "organization_id": "string"
      }
    ],
    "deployment": [
      {
        "role_id": "string",
        "organization_id": "string",
        "all": true,
        "deployment_ids": [
          "string"
        ],
        "application_roles": [
          "string"
        ]
      }
    ],
    "project": {
      "elasticsearch": [
        {
          "role_id": "string",
          "organization_id": "string",
          "all": true,
          "project_ids": [
            "string"
          ],
          "application_roles": [
            "string"
          ]
        }
      ],
      "observability": [
        {
          "role_id": "string",
          "organization_id": "string",
          "all": true,
          "project_ids": [
            "string"
          ],
          "application_roles": [
            "string"
          ]
        }
      ],
      "security": [
        {
          "role_id": "string",
          "organization_id": "string",
          "all": true,
          "project_ids": [
            "string"
          ],
          "application_roles": [
            "string"
          ]
        }
      ]
    }
  }
}
Response examples (201)
{
  "id": "string",
  "user_id": "string",
  "organization_id": "string",
  "description": "string",
  "key": "string",
  "creation_date": "2025-05-04T09:42:00+00:00",
  "expiration_date": "2025-05-04T09:42:00+00:00",
  "role_assignments": {
    "platform": [
      {
        "role_id": "string"
      }
    ],
    "organization": [
      {
        "role_id": "string",
        "organization_id": "string"
      }
    ],
    "deployment": [
      {
        "role_id": "string",
        "organization_id": "string",
        "all": true,
        "deployment_ids": [
          "string"
        ],
        "application_roles": [
          "string"
        ]
      }
    ],
    "project": {
      "elasticsearch": [
        {
          "role_id": "string",
          "organization_id": "string",
          "all": true,
          "project_ids": [
            "string"
          ],
          "application_roles": [
            "string"
          ]
        }
      ],
      "observability": [
        {
          "role_id": "string",
          "organization_id": "string",
          "all": true,
          "project_ids": [
            "string"
          ],
          "application_roles": [
            "string"
          ]
        }
      ],
      "security": [
        {
          "role_id": "string",
          "organization_id": "string",
          "all": true,
          "project_ids": [
            "string"
          ],
          "application_roles": [
            "string"
          ]
        }
      ]
    }
  }
}
Response examples (400)
# Headers
x-cloud-error-codes: api_keys.invalid_input

# Payload
{
  "errors": [
    {
      "code": "string",
      "message": "string",
      "fields": [
        "string"
      ]
    }
  ]
}

Delete API keys

DELETE /users/auth/keys

Delete or invalidate API keys.

Body Required

The request to delete API keys

  • keys array[string] Required

    The list of API key IDs.

Responses

  • The API keys are deleted.

    Additional properties are allowed.

DELETE /users/auth/keys
curl \
 -X DELETE https://api.elastic-cloud.com/api/v1/users/auth/keys \
 -d '{"keys":["string"]}'
Request examples
{
  "keys": [
    "string"
  ]
}
Response examples (200)
{}

Get API key

GET /users/auth/keys/{api_key_id}

Retrieves the metadata for an API key.

Path parameters

Responses

  • The API key metadata is retrieved.

    Hide response attributes Show response attributes object
    • id string Required

      The API key ID.

    • user_id string

      The user ID.

    • The organization ID linked to the API key

    • description string Required

      The API key description. TIP: Useful when you have multiple API keys.

    • key string

      The API key. TIP: Since the API key is returned only once, save it in a safe place.

    • creation_date string(date-time) Required

      The date/time for when the API key is created.

    • expiration_date string(date-time)

      The date/time when the API key expires.

    • The roles that will be assigned to users once they accept the invitation. Currently unavailable in self-hosted ECE.

      Additional properties are allowed.

      Hide role_assignments attributes Show role_assignments attributes object
      • platform array[object]

        Assignments for roles with platform scope.

        Hide platform attribute Show platform attribute object
        • role_id string Required

          The ID of the role that is assigned.

      • organization array[object]

        Assignments for roles with organization scope.

        Hide organization attributes Show organization attributes object
        • role_id string Required

          The ID of the role that is assigned.

        • organization_id string Required

          The ID of the organization the role is scoped to.

      • deployment array[object]

        Assignments for roles with deployment scope.

        Hide deployment attributes Show deployment attributes object
        • role_id string Required

          The ID of the role that is assigned.

        • organization_id string Required

          The ID of the organization the role is scoped to.

        • all boolean

          When true, the role applies to all deployments in the organization, otherwise the role is scoped to the deployments specified in deployment_ids.

        • deployment_ids array[string]

          The IDs of the deployments the role is scoped to. Must be absent if all is true, and present if all is false.

        • application_roles array[string]

          If provided, the user assigned this role assignment will be granted this application role when signing in to the deployment(s) specified in the role assignment.

      • project object

        Assignments for roles with project scope.

        Additional properties are allowed.

        Hide project attributes Show project attributes object
        • elasticsearch array[object]

          The Elasticsearch project-scoped role assignments to set

          Hide elasticsearch attributes Show elasticsearch attributes object
          • role_id string Required

            The ID of the role that is assigned.

          • organization_id string Required

            The ID of the organization the role is scoped to.

          • all boolean

            When true, the role applies to all projects in the organization, otherwise the role is scoped to the projects specified in project_ids.

          • project_ids array[string]

            The IDs of the projects the role is scoped to. Must be absent if all is true, and present if all is false.

          • application_roles array[string]

            If provided, the user assigned this role assignment will be granted this application role when signing in to the project(s) specified in the role assignment.

        • observability array[object]

          The Observability project-scoped role assignments to set

          Hide observability attributes Show observability attributes object
          • role_id string Required

            The ID of the role that is assigned.

          • organization_id string Required

            The ID of the organization the role is scoped to.

          • all boolean

            When true, the role applies to all projects in the organization, otherwise the role is scoped to the projects specified in project_ids.

          • project_ids array[string]

            The IDs of the projects the role is scoped to. Must be absent if all is true, and present if all is false.

          • application_roles array[string]

            If provided, the user assigned this role assignment will be granted this application role when signing in to the project(s) specified in the role assignment.

        • security array[object]

          The Security project-scoped role assignments to set

          Hide security attributes Show security attributes object
          • role_id string Required

            The ID of the role that is assigned.

          • organization_id string Required

            The ID of the organization the role is scoped to.

          • all boolean

            When true, the role applies to all projects in the organization, otherwise the role is scoped to the projects specified in project_ids.

          • project_ids array[string]

            The IDs of the projects the role is scoped to. Must be absent if all is true, and present if all is false.

          • application_roles array[string]

            If provided, the user assigned this role assignment will be granted this application role when signing in to the project(s) specified in the role assignment.

  • The {api_key_id} can't be found. (code: api_keys.key_not_found)

    Hide headers attribute Show headers attribute
    • The error codes associated with the response

      Value is api_keys.key_not_found.

    Hide response attribute Show response attribute object
    • errors array[object] Required

      A list of errors that occurred in the failing request

      Hide errors attributes Show errors attributes object
      • code string Required

        A structured code representing the error type that occurred

      • message string Required

        A human readable message describing the error that occurred

      • fields array[string]

        If the error can be tied to a specific field or fields in the user request, this lists those fields

GET /users/auth/keys/{api_key_id}
curl \
 -X GET https://api.elastic-cloud.com/api/v1/users/auth/keys/{api_key_id}
Response examples (200)
{
  "id": "string",
  "user_id": "string",
  "organization_id": "string",
  "description": "string",
  "key": "string",
  "creation_date": "2025-05-04T09:42:00+00:00",
  "expiration_date": "2025-05-04T09:42:00+00:00",
  "role_assignments": {
    "platform": [
      {
        "role_id": "string"
      }
    ],
    "organization": [
      {
        "role_id": "string",
        "organization_id": "string"
      }
    ],
    "deployment": [
      {
        "role_id": "string",
        "organization_id": "string",
        "all": true,
        "deployment_ids": [
          "string"
        ],
        "application_roles": [
          "string"
        ]
      }
    ],
    "project": {
      "elasticsearch": [
        {
          "role_id": "string",
          "organization_id": "string",
          "all": true,
          "project_ids": [
            "string"
          ],
          "application_roles": [
            "string"
          ]
        }
      ],
      "observability": [
        {
          "role_id": "string",
          "organization_id": "string",
          "all": true,
          "project_ids": [
            "string"
          ],
          "application_roles": [
            "string"
          ]
        }
      ],
      "security": [
        {
          "role_id": "string",
          "organization_id": "string",
          "all": true,
          "project_ids": [
            "string"
          ],
          "application_roles": [
            "string"
          ]
        }
      ]
    }
  }
}
Response examples (404)
# Headers
x-cloud-error-codes: api_keys.key_not_found

# Payload
{
  "errors": [
    {
      "code": "string",
      "message": "string",
      "fields": [
        "string"
      ]
    }
  ]
}

Delete API key

DELETE /users/auth/keys/{api_key_id}

Delete or invalidate the API key.

Path parameters

Responses

  • The API key is deleted.

    Additional properties are allowed.

  • The {api_key_id} can't be found. (code: api_keys.key_not_found)

    Hide headers attribute Show headers attribute
    • The error codes associated with the response

      Value is api_keys.key_not_found.

    Hide response attribute Show response attribute object
    • errors array[object] Required

      A list of errors that occurred in the failing request

      Hide errors attributes Show errors attributes object
      • code string Required

        A structured code representing the error type that occurred

      • message string Required

        A human readable message describing the error that occurred

      • fields array[string]

        If the error can be tied to a specific field or fields in the user request, this lists those fields

DELETE /users/auth/keys/{api_key_id}
curl \
 -X DELETE https://api.elastic-cloud.com/api/v1/users/auth/keys/{api_key_id}
Response examples (200)
{}
Response examples (404)
# Headers
x-cloud-error-codes: api_keys.key_not_found

# Payload
{
  "errors": [
    {
      "code": "string",
      "message": "string",
      "fields": [
        "string"
      ]
    }
  ]
}

Billing costs analysis

Get an overview of your costs by organization ID.