IMPORTANT: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
current release documentation.
HTTP/REST clients and security
editHTTP/REST clients and security
editThe Elasticsearch security features work with standard HTTP basic authentication headers to authenticate users. Since Elasticsearch is stateless, this header must be sent with every request:
Client examples
editThis example uses curl
without basic auth to create an index:
curl -XPUT 'localhost:9200/idx'
{ "error": "AuthenticationException[Missing authentication token]", "status": 401 }
Since no user is associated with the request above, an authentication error is
returned. Now we’ll use curl
with basic auth to create an index as the
rdeniro
user:
curl --user rdeniro:taxidriver -XPUT 'localhost:9200/idx'
{ "acknowledged": true }
Client libraries over HTTP
editFor more information about using security features with the language specific clients, refer to: