Invalidate API Key API

edit

API Key(s) can be invalidated using this API.

Invalidate API Key Request

edit

The InvalidateApiKeyRequest supports invalidating

  1. A specific API key
  2. All API keys for a specific realm
  3. All API keys for a specific user
  4. All API keys for a specific user in a specific realm
  5. A specific key or all API keys owned by the current authenticated user

Specific API keys by a list of API key ids

edit
InvalidateApiKeyRequest invalidateApiKeyRequest = InvalidateApiKeyRequest.usingApiKeyIds(
    Arrays.asList("kI3QZHYBnpSXoDRq1XzR", "ko3SZHYBnpSXoDRqk3zm"), false);

Specific API key by API key name

edit
InvalidateApiKeyRequest invalidateApiKeyRequest = InvalidateApiKeyRequest.usingApiKeyName(createApiKeyResponse2.getName(),
    false);

All API keys for realm

edit
InvalidateApiKeyRequest invalidateApiKeyRequest = InvalidateApiKeyRequest.usingRealmName("default_file");

All API keys for user

edit
InvalidateApiKeyRequest invalidateApiKeyRequest = InvalidateApiKeyRequest.usingUserName("test_user");

All API key for user in realm

edit
InvalidateApiKeyRequest invalidateApiKeyRequest = InvalidateApiKeyRequest.usingRealmAndUserName("default_file", "test_user");

Retrieve all API keys for the current authenticated user

edit
InvalidateApiKeyRequest invalidateApiKeyRequest = InvalidateApiKeyRequest.forOwnedApiKeys();

Synchronous execution

edit

When executing a InvalidateApiKeyRequest in the following manner, the client waits for the InvalidateApiKeyResponse to be returned before continuing with code execution:

InvalidateApiKeyResponse invalidateApiKeyResponse = client.security().invalidateApiKey(invalidateApiKeyRequest,
    RequestOptions.DEFAULT);

Synchronous calls may throw an IOException in case of either failing to parse the REST response in the high-level REST client, the request times out or similar cases where there is no response coming back from the server.

In cases where the server returns a 4xx or 5xx error code, the high-level client tries to parse the response body error details instead and then throws a generic ElasticsearchException and adds the original ResponseException as a suppressed exception to it.

Asynchronous execution

edit

Executing a InvalidateApiKeyRequest can also be done in an asynchronous fashion so that the client can return directly. Users need to specify how the response or potential failures will be handled by passing the request and a listener to the asynchronous invalidate-api-key method:

client.security().invalidateApiKeyAsync(invalidateApiKeyRequest, RequestOptions.DEFAULT, listener); 

The InvalidateApiKeyRequest to execute and the ActionListener to use when the execution completes

The asynchronous method does not block and returns immediately. Once it is completed the ActionListener is called back using the onResponse method if the execution successfully completed or using the onFailure method if it failed. Failure scenarios and expected exceptions are the same as in the synchronous execution case.

A typical listener for invalidate-api-key looks like:

listener = new ActionListener<InvalidateApiKeyResponse>() {
    @Override
    public void onResponse(InvalidateApiKeyResponse invalidateApiKeyResponse) {
        
    }

    @Override
    public void onFailure(Exception e) {
        
    }
};

Called when the execution is successfully completed.

Called when the whole InvalidateApiKeyRequest fails.

Invalidate API Key Response

edit

The returned InvalidateApiKeyResponse contains the information regarding the API keys that the request invalidated.

invalidatedApiKeys
Available using getInvalidatedApiKeys lists the API keys that this request invalidated.
previouslyInvalidatedApiKeys
Available using getPreviouslyInvalidatedApiKeys lists the API keys that this request attempted to invalidate but were already invalid.
errors
Available using getErrors contains possible errors that were encountered while attempting to invalidate API keys.
InvalidateApiKeyResponse invalidateApiKeyResponse = client.security().invalidateApiKey(invalidateApiKeyRequest,
    RequestOptions.DEFAULT);