Create agent key

edit

Create an APM agent API key. Specify API key privileges in the request body at creation time.

Privileges
edit

The user creating an APM agent API key must have at least the manage_own_api_key cluster privilege and the APM application-level privileges that it wishes to grant.

Example roleedit

The example below uses the Kibana role management API to create a role named apm_agent_key_user. Create and assign this role to a user that wishes to create APM agent API keys.

POST /_security/role/apm_agent_key_user
{
  "cluster": ["manage_own_api_key"],
  "applications": [
    {
      "application": "kibana-.kibana",
      "privileges": ["feature_apm.all"],
      "resources": ["*"]
    },
    {
      "application": "apm",
      "privileges": ["event:write", "config_agent:read"],
      "resources": ["*"]
    }
  ]
}
Request
edit

POST /api/apm/agent_keys

Request body
edit
name
(required, string) Name of the APM agent key.
privileges

(required, array) APM agent key privileges. It can take one or more of the following values:

  • event:write. Required for ingesting APM agent events.
  • config_agent:read. Required for APM agents to read agent configuration remotely.
Example
edit
POST /api/apm/agent_keys
{
    "name": "apm-key",
    "privileges": ["event:write", "config_agent:read"]
}
Response body
edit
{
  "agentKey": {
    "id": "3DCLmn0B3ZMhLUa7WBG9",
    "name": "apm-key",
    "api_key": "PjGloCGOTzaZr8ilUPvkjA",
    "encoded": "M0RDTG1uMEIzWk1oTFVhN1dCRzk6UGpHbG9DR09UemFacjhpbFVQdmtqQQ=="
  }
}

Once created, you can copy the API key (Base64 encoded) and use it to to authorize requests from APM agents to the APM Server.