All methods and paths for this operation:
Create a copy of an existing API key with a new ID. The cloned key inherits the role descriptors of the source key. This is intended for applications (such as Kibana) that need to create API keys on behalf of a user using an existing API key credential, since derived API keys (API keys created by API keys) are not otherwise supported.
Required authorization
- Cluster privileges:
manage_own_api_key
Query parameters
-
If
true(the default) then refresh the affected shards to make this operation visible to search, ifwait_forthen wait for a refresh to make this operation visible to search, iffalsethen do nothing with refreshes.Values are
true,false, orwait_for.
Body
Required
-
The credentials of the API key to clone. This is the secret value returned when the key was originally created.
-
A name for the cloned API key. If not provided, the name of the source key is used.
-
The expiration time for the cloned API key. By default, API keys never expire. Set to
nullto explicitly create a key with no expiration.External documentation -
Arbitrary metadata to associate with the cloned API key. It supports nested data structure. Within the metadata object, keys beginning with
_are reserved for system usage.
curl \
--request PUT 'http://api.example.com/_security/api_key/clone' \
--header "Authorization: $API_KEY" \
--header "Content-Type: application/json" \
--data '{"api_key":"string","name":"string","expiration":"string","metadata":{"additionalProperty1":{},"additionalProperty2":{}}}'