Create an API key

POST /_security/api_key

Copy endpoint

Create an API key for access without requiring basic authentication.

IMPORTANT: If the credential that is used to authenticate this request is an API key, the derived API key cannot have any privileges. If you specify privileges, the API returns an error.

A successful request returns a JSON structure that contains the API key, its unique id, and its name. If applicable, it also returns expiration information for the API key in milliseconds.

NOTE: By default, API keys never expire. You can specify expiration information when you create the API keys.

The API keys are created by the Elasticsearch API key service, which is automatically enabled. To configure or turn off the API key service, refer to API key service setting documentation.

Required authorization

Cluster privileges: manage_own_api_key

Parameters

query Query Parameters

Name	Type
`refresh` If `true` (the default) then refresh the affected shards to make this operation visible to search, if `wait_for` then wait for a refresh to make this operation visible to search, if `false` then do nothing with refreshes.	type TypesRefresh = "true" \| "false" \| "wait_for"

Request Body

application/json required

{
expiration?:

TypesDuration

A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.

type TypesDuration = string | "-1" | "0"

;
name?:

TypesName

type TypesName = string

;
role_descriptors?: { };
metadata?:

TypesMetadata

interface TypesMetadata {
[key: string]: {};
}

;
}

Responses

200 application/json

{
api_key: string;
expiration?: number;
id:

TypesId

type TypesId = string

;
name:

TypesName

type TypesName = string

;
encoded: string;
}