Invalidate API key API
editInvalidate API key API
editInvalidates one or more API keys.
Request
editDELETE /_security/api_key
Description
editThe API keys created by create API Key can be invalidated using this API.
Request Body
editThe following parameters can be specified in the body of a DELETE request and pertain to invalidating api keys:
-
id
(optional) -
(string) An API key id. This parameter cannot be used with any of
name
,realm_name
orusername
are used. -
name
(optional) -
(string) An API key name. This parameter cannot be used with any of
id
,realm_name
orusername
are used. -
realm_name
(optional) -
(string) The name of an authentication realm. This parameter cannot be used with
either
api_key_id
orapi_key_name
. -
username
(optional) -
(string) The username of a user. This parameter cannot be used with either
api_key_id
orapi_key_name
.
While all parameters are optional, at least one of them is required.
Examples
editIf you create an API key as follows:
POST /_security/api_key { "name": "my-api-key", "role_descriptors": {} }
A successful call returns a JSON structure that provides API key information. For example:
{ "id":"VuaCfGcBCdbkQm-e5aOx", "name":"my-api-key", "api_key":"ui2lp2axTNmsyakw9tvNnw" }
The following example invalidates the API key identified by specified id
immediately:
DELETE /_security/api_key { "id" : "VuaCfGcBCdbkQm-e5aOx" }
The following example invalidates the API key identified by specified name
immediately:
DELETE /_security/api_key { "name" : "my-api-key" }
The following example invalidates all API keys for the native1
realm
immediately:
DELETE /_security/api_key { "realm_name" : "native1" }
The following example invalidates all API keys for the user myuser
in all
realms immediately:
DELETE /_security/api_key { "username" : "myuser" }
Finally, the following example invalidates all API keys for the user myuser
in
the native1
realm immediately:
DELETE /_security/api_key { "username" : "myuser", "realm_name" : "native1" }
A successful call returns a JSON structure that contains the ids of the API keys that were invalidated, the ids of the API keys that had already been invalidated, and potentially a list of errors encountered while invalidating specific api keys.
{ "invalidated_api_keys": [ "api-key-id-1" ], "previously_invalidated_api_keys": [ "api-key-id-2", "api-key-id-3" ], "error_count": 2, "error_details": [ { "type": "exception", "reason": "error occurred while invalidating api keys", "caused_by": { "type": "illegal_argument_exception", "reason": "invalid api key id" } }, { "type": "exception", "reason": "error occurred while invalidating api keys", "caused_by": { "type": "illegal_argument_exception", "reason": "invalid api key id" } } ] }