Anonymous authenticationedit

This documentation refers to configuring the standalone (legacy) APM Server. This method of running APM Server will be deprecated and removed in a future release. Please consider upgrading to Fleet and the APM integration. If you’ve already upgraded, see Anonymous authentication.

Elastic APM agents can send unauthenticated (anonymous) events to the APM Server. This is useful for agents that run on clients, like the Real User Monitoring (RUM) agent running in a browser, or the iOS/Swift agent running in a user application. Incoming requests are considered to be anonymous if no authentication token can be extracted from the incoming request. By default, these anonymous requests are rejected and an authentication error is returned.

Anonymous authentication must be enabled to collect RUM data. To enable anonymous access, set either apm-server.rum.enabled or apm-server.auth.anonymous.enabled to true.

Because anyone can send anonymous events to the APM Server, additional configuration variables are available to rate limit the number anonymous events the APM Server processes; throughput is equal to the rate_limit.ip_limit times the rate_limit.event_limit.

See Anonymous authentication for a complete list of options and a sample configuration file.