Delete service account tokens API

edit

Delete service account tokens API

edit

Deletes service account tokens for a service in a specified namespace.

Request

edit

DELETE /_security/service/<namespace>/<service>/credential/token/<token_name>

Prerequisites

edit
  • To use this API, you must have at least the manage_service_account cluster privilege.

Description

edit

In production mode, service accounts require TLS on the HTTP interface. A runtime check prevents you from invoking any related APIs or authenticating with a service account token unless TLS is enabled on the HTTP interface. See encrypt HTTP client communications for Elasticsearch.

The API response indicates whether the specified service account token is found and deleted or it is not found.

Path parameters

edit
namespace
(Required, string) Name of the namespace.
service
(Required, string) Name of the service name.
token_name
(Required, string) Name of the service account token.

Examples

edit

The following request deletes the token1 service account token from the elastic/fleet-server service account:

DELETE /_security/service/elastic/fleet-server/credential/token/token42

If the service account token is successfully deleted, the request returns {"found": true}. Otherwise, the response will have status code 404 and found` will be set to false.

{
  "found" : true
}