Grant an API key | Elasticsearch API documentation (original) (raw)

Dismiss highlight Show more

application/json

Body Required

• Hide api_key attributes Show api_key attributes object
  • A date histogram interval. Similar to Duration with additional units: w (week), M (month), q (quarter) andy (year)

  • role_descriptors object | array[object]

  The role descriptors for this API key. When it is not specified or is an empty array, the API key has a point in time snapshot of permissions of the specified user or access token. If you supply role descriptors, the resultant permissions are an intersection of API keys permissions and the permissions of the user or access token.
  Hide attribute Show attribute object
  * *
  object Additional properties
  Hide * attributes Show * attributes object
  * A list of cluster privileges. These privileges define the cluster level actions that API keys are able to execute.
  * A list of indices permissions entries.
  * A list of indices permissions for remote clusters.
  * A list of cluster permissions for remote clusters. NOTE: This is limited a subset of the cluster permissions.
  * #### global array[object] | object
  An object defining global privileges. A global privilege is a form of cluster privilege that is request-aware. Support for global privileges is currently limited to the management of application privileges.
  * A list of application privilege entries
  * Hide metadata attribute Show metadata attribute object
  * *
  object Additional properties
  * A list of users that the API keys can impersonate. NOTE: In Elastic Cloud Serverless, the run-as feature is disabled. For API compatibility, you can still specify an empty run_as field, but a non-empty list will be rejected.
  * Optional description of the role descriptor
  * Hide restriction attribute Show restriction attribute object
  * A list of workflows to which the API key is restricted. NOTE: In order to use a role restriction, an API key must be created with a single role descriptor.
  * Hide transient_metadata attribute Show transient_metadata attribute object
  * *
  object Additional properties

  • Hide metadata attribute Show metadata attribute object
    * *
    object Additional properties
• Values are access_token or password.
• The user's access token. If you specify the access_token grant type, this parameter is required. It is not valid with other grant types.

Responses

• 200 application/json
  Hide response attributes Show response attributes object
  • Time unit for milliseconds