Clear service account token caches Generally available

POST /_security/service/{namespace}/{service}/credential/token/{name}/_clear_cache

Evict a subset of all entries from the service account token caches. Two separate caches exist for service account tokens: one cache for tokens backed by the service_tokens file, and another for tokens backed by the .security index. This API clears matching entries from both caches.

The cache for service account tokens backed by the .security index is cleared automatically on state changes of the security index. The cache for tokens backed by the service_tokens file is cleared automatically on file changes. ##Required authorization

  • Cluster privileges: manage_security
External documentation

Path parameters

  • namespace string Required

    The namespace, which is a top-level grouping of service accounts.

  • service string Required

    The name of the service, which must be unique within its namespace.

  • name string | array[string] Required

    A comma-separated list of token names to evict from the service account token caches. Use a wildcard (*) to evict all tokens that belong to a service account. It does not support other wildcard patterns.

Responses

  • 200 application/json
    Hide response attributes Show response attributes object
    • _nodes object Required
      Hide _nodes attributes Show _nodes attributes object
      • failures array[object]
        Hide failures attributes Show failures attributes object
        • type string Required

          The type of error

        • reason string | null

          A human-readable explanation of the error, in English.

          One of:
          string-1 string string-2 string | null
        • stack_trace string

          The server stack trace. Present only if the error_trace=true parameter was sent with the request.

        • caused_by object
        • root_cause array[object]
        • suppressed array[object]
      • total number Required

        Total number of nodes selected by the request.

      • successful number Required

        Number of nodes that responded successfully to the request.

      • failed number Required

        Number of nodes that rejected the request or failed to respond. If this value is not 0, a reason for the rejection or failure is included in the response.

    • cluster_name string Required
    • nodes object Required
      Hide nodes attribute Show nodes attribute object
      • * object Additional properties
        Hide * attribute Show * attribute object
        • name string Required
POST /_security/service/{namespace}/{service}/credential/token/{name}/_clear_cache 
POST /_security/service/elastic/fleet-server/credential/token/token1/_clear_cache

curl \
 --request POST 'http://api.example.com/_security/service/{namespace}/{service}/credential/token/{name}/_clear_cache'

Documentation preview

This is a preview of your version @2025-06-09 which is not yet released.

View current documentation