Setting Up API Key Authentication
API keys provide an alternative method for authenticating API requests without using usernames and passwords.
Step 1: Create an API Key
Create an API key using the Elasticsearch REST API:
curl -u my_user:mypassword -X POST "localhost:9200/_security/api_key" -H 'Content-Type: application/json' -d'
{
"name": "my_api_key",
"role_descriptors": {
"my_role": {
"cluster": ["all"],
"index": [
{
"names": ["*"],
"privileges": ["all"]
}
]
}
}
}'
Step 2: Authenticate API Requests with the API Key
Include the API key in the request header.
Example: Indexing a Document
curl -H "Authorization: ApiKey <base64-encoded-api-key>" -X POST "localhost:9200/myindex/_doc/1" -H 'Content-Type: application/json' -d'
{
"name": "Jane Doe",
"age": 25,
"city": "San Francisco"
}'
To base64-encode the API key, use the following command (replace id:key with your actual API key):
echo -n "id:key" | base64
Output
The response indicates that the document is indexed successfully:
{
"_index": "myindex",
"_id": "1",
"_version": 1,
"result": "created",
"_shards": {
"total": 2,
"successful": 1,
"failed": 0
}
}
Elasticsearch API Authentication: How to Set Up with Examples
Elasticsearch is a powerful distributed search and analytics engine widely used for logging, monitoring, and data analysis. To protect your data and ensure secure access, setting up API authentication is essential.
This article will guide you through the process of configuring Elasticsearch API authentication with detailed examples and outputs. We will cover basic authentication, API keys, and role-based access control (RBAC).