HTTP/REST clients and security
editHTTP/REST clients and security
editThe Elasticsearch security features work with standard HTTP basic authentication headers to authenticate users. Since Elasticsearch is stateless, this header must be sent with every request:
Alternatively, you can use token-based authentication services.
Client examples
editThis example uses curl
without basic auth to create an index:
curl -XPUT 'localhost:9200/idx'
{ "error": "AuthenticationException[Missing authentication token]", "status": 401 }
Since no user is associated with the request above, an authentication error is
returned. Now we’ll use curl
with basic auth to create an index as the
rdeniro
user:
curl --user rdeniro:taxidriver -XPUT 'localhost:9200/idx'
{ "acknowledged": true }
Secondary authorization
editSome APIs support secondary authorization headers for situations where you want tasks to run with a different set of credentials. For example, you can send the following header in addition to the basic authentication header:
The es-secondary-authorization
header has the same syntax as the
Authorization
header. It therefore also supports the use of
token-based authentication services. For
example:
Client libraries over HTTP
editFor more information about using security features with the language specific clients, refer to: