Get API key information API
editGet API key information API
editRetrieves information for one or more API keys.
Request
editGET /_security/api_key
Prerequisites
edit-
To use this API, you must have at least the
manage_api_key
cluster privilege.
Description
editThe information for the API keys created by create API Key can be retrieved using this API.
Request body
editThe following parameters can be specified in the query parameters of a GET request and pertain to retrieving api keys:
-
id
-
(Optional, string) An API key id. This parameter cannot be used with any of
name
,realm_name
orusername
are used. -
name
-
(Optional, string) An API key name. This parameter cannot be used with any of
id
,realm_name
orusername
are used. -
realm_name
-
(Optional, string) The name of an authentication realm. This parameter cannot be
used with either
id
orname
or whenowner
flag is set totrue
. -
username
-
(Optional, string) The username of a user. This parameter cannot be used with
either
id
orname
or whenowner
flag is set totrue
. -
owner
- (Optional, boolean) A boolean flag that can be used to query API keys owned by the currently authenticated user. Defaults to false. The realm_name or username parameters cannot be specified when this parameter is set to true as they are assumed to be the currently authenticated ones.
At least one of "id", "name", "username" and "realm_name" must be specified if "owner" is "false" (default).
Examples
editIf you create an API key as follows:
POST /_security/api_key { "name": "my-api-key", "role_descriptors": {} }
A successful call returns a JSON structure that provides API key information. For example:
{ "id":"VuaCfGcBCdbkQm-e5aOx", "name":"my-api-key", "api_key":"ui2lp2axTNmsyakw9tvNnw" }
You can use the following example to retrieve the API key by ID:
GET /_security/api_key?id=VuaCfGcBCdbkQm-e5aOx
You can use the following example to retrieve the API key by name:
GET /_security/api_key?name=my-api-key
The following example retrieves all API keys for the native1
realm:
GET /_security/api_key?realm_name=native1
The following example retrieves all API keys for the user myuser
in all realms:
GET /_security/api_key?username=myuser
The following example retrieves all API keys owned by the currently authenticated user:
GET /_security/api_key?owner=true
Following creates an API key
POST /_security/api_key { "name": "my-api-key-1" }
The following example retrieves the API key identified by the specified id
if
it is owned by the currently authenticated user:
GET /_security/api_key?id=VuaCfGcBCdbkQm-e5aOx&owner=true
Finally, the following example retrieves all API keys for the user myuser
in
the native1
realm immediately:
GET /_security/api_key?username=myuser&realm_name=native1
A successful call returns a JSON structure that contains the information of one or more API keys that were retrieved.
{ "api_keys": [ { "id": "dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ==", "name": "hadoop_myuser_key", "creation": 1548550550158, "expiration": 1548551550158, "invalidated": false, "username": "myuser", "realm": "native1" }, { "id": "api-key-id-2", "name": "api-key-name-2", "creation": 1548550550158, "invalidated": false, "username": "user-y", "realm": "realm-2" } ] }
The list of API keys that were retrieved for this request. |
|
Id for the API key |
|
Name of the API key |
|
Creation time for the API key in milliseconds |
|
Optional expiration time for the API key in milliseconds |
|
Invalidation status for the API key. If the key has been invalidated, it has
a value of |
|
Principal for which this API key was created |
|
Realm name of the principal for which this API key was created |