Management API conventions

The Management APIs for serverless have request header conventions.

The Management REST APIs for Elastic serverless let you manage resources that are available in multiple solutions. These resources include connectors, data views, and saved objects. If you've previously used the Elastic Stack, the Management APIs are similar to Kibana APIs.

Management API calls are stateless. Each request that you make happens in isolation from other calls and must include all of the necessary information for Kibana to fulfill the request. API requests return JSON output, which is a format that is machine-readable and works well for automation.

To interact with Management APIs, use the following operations:

  • GET: Fetches the information.
  • POST: Adds new information.
  • PUT: Updates the existing information.
  • DELETE: Removes the information.

You can prepend any Management API endpoint with kbn: and run the request in Dev Tools → Console. For example:

GET kbn:/api/data_views

Check out Console.

Request headers

When you call Management APIs outside of the Console, you must provide a request header. The Management APIs support the Authorization, Content-Type, and kbn-xsrf headers.

Authorization: ApiKey
Management APIs use key-based authentication. You must create an API key and use the encoded value in the request header. To learn about creating keys, go to API keys.
Content-Type: application/json
You must use this header when you send a payload in the API request. Typically, if you include the kbn-xsrf header, you must also include the Content-Type header.
kbn-xsrf: true
You must use this header for all API calls except GET or HEAD operations.

For example:

curl -X POST \
  "${KIBANA_URL}/api/data_views/data_view" \
  -H "Authorization: ApiKey ${API_KEY}" \
  -H 'Content-Type: application/json' \
  -H 'kbn-xsrf: true' \
  -d '{
    "data_view": {
      "title": "books*",
      "name": "My Books Data View"

On this page