Authentication

» » »

« API reference Clusters - Apm - CRUD »

Disable elevated permissions

Disables elevated permissions for the user.

Request

DELETE /api/v1/users/auth/_elevate

Responses

200: (TokenResponse) The elevated permissions are disabled and the authorization token was generated
401: (BasicFailedReply) The authentication token is invalid or expired. (code: root.unauthorized)
501: (BasicFailedReply) You need to configure the authentication cluster. (code: authc.no_authentication_cluster)
502: (BasicFailedReply) The authentication cluster failed to process the request. The response body contains details about the error. (code: authc.authentication_cluster_error)

To perform this operation, you must be authenticated by means of one of the following methods: apiKey, basicAuth.

Request example

curl -XDELETE {{hostname}}/api/v1/users/auth/_elevate \
-u $CLOUD_USER:$CLOUD_KEY

Enable elevated permissions

Enables the elevated permissions for the current user. Elevated permissions allow the user to complete potentially destructive operations on clusters. Elevated permissions are available for a limited period of time and automatically expire if you do not renew them.

Request

POST /api/v1/users/auth/_elevate

Request body

(ElevatePermissionsRequest) The request for elevated permissions

Responses

200: (TokenResponse) Elevated permissions are enabled and the authorization token was generated.
400: (BasicFailedReply) Missed or invalid MFA token. (code: authc.invalid_token)
401: (BasicFailedReply) The authentication token is invalid or expired. (code: root.unauthorized)
501: (BasicFailedReply) You need to configure the authentication cluster. (code: authc.no_authentication_cluster)
502: (BasicFailedReply) The authentication cluster failed to process the request. The response body contains details about the error. (code: authc.authentication_cluster_error)

To perform this operation, you must be authenticated by means of one of the following methods: apiKey, basicAuth.

Request example

curl -XPOST {{hostname}}/api/v1/users/auth/_elevate \
-u $CLOUD_USER:$CLOUD_KEY \
-H 'Content-Type: application/json' \
-d '
{
   "token" : "string"
}
'

Login to ECE

Authenticates against available users.

Request

POST /api/v1/users/auth/_login

Request body

(LoginRequest) (required) The login request

Responses

200: (TokenResponse) Login successful, returns the token in the body (if 'login_state.path' not specified)
302: (EmptyResponse) Redirects to '/sso/token#BEARER_TOKEN?state=LOGIN_STATE' with the fragment containing a bearer token (if 'login_state.path' is specified)
401: (BasicFailedReply) The supplied authentication is invalid. (code: root.unauthenticated)
501: (BasicFailedReply) You need to configure the authentication cluster. (code: authc.no_authentication_cluster)
502: (BasicFailedReply) The authentication cluster failed to process the request. The response body contains details about the error. (code: authc.authentication_cluster_error)

To perform this operation, you must be authenticated by means of one of the following methods: apiKey, basicAuth.

Request example

curl -XPOST {{hostname}}/api/v1/users/auth/_login \
-u $CLOUD_USER:$CLOUD_KEY \
-H 'Content-Type: application/json' \
-d '
{
   "login_state" : {
      "path" : "string"
   },
   "password" : "string",
   "username" : "string"
}
'

Refresh authentication token

Issues a new authentication token.

Request

POST /api/v1/users/auth/_refresh

Responses

200: (TokenResponse) The token refreshed successfully and was returned in the body of the response.
401: (BasicFailedReply) The authentication token is invalid or expired. (code: root.unauthorized)
501: (BasicFailedReply) You need to configure the authentication cluster. (code: authc.no_authentication_cluster)
502: (BasicFailedReply) The authentication cluster failed to process the request. The response body contains details about the error. (code: authc.authentication_cluster_error)

To perform this operation, you must be authenticated by means of one of the following methods: apiKey, basicAuth.

Request example

curl -XPOST {{hostname}}/api/v1/users/auth/_refresh \
-u $CLOUD_USER:$CLOUD_KEY

Available authentication methods

Provides information about available authentication methods.

Request

GET /api/v1/users/auth/methods

Responses

200: (AvailableAuthenticationMethods) Available authentication methods response

To perform this operation, you must be authenticated by means of one of the following methods: apiKey, basicAuth.

Request example

curl -XGET {{hostname}}/api/v1/users/auth/methods \
-u $CLOUD_USER:$CLOUD_KEY

SAML callback

Accepts a callback request from an identity provider and authenticates the user.

Request

POST /api/v1/users/auth/saml/_callback

Form Parameters

Name	Type	Required	Description
`RelayState`	`string`	N	The optional relay state that the API (service provider) sent to the identity provider.
`SAMLResponse`	`string`	Y	A message issued by the identity provider to the service provider

Responses

302: (EmptyResponse) Redirects to the UI endpoint with an authorization token in the fragment and the relay state, if it was specified during the initialization.
401: (BasicFailedReply) The supplied SAML response is invalid. (code: root.unauthenticated)
501: (BasicFailedReply) You need to configure the authentication cluster. (code: authc.no_authentication_cluster)
502: (BasicFailedReply) The authentication cluster failed to process the request. The response body contains details about the error. (code: authc.authentication_cluster_error)

To perform this operation, you must be authenticated by means of one of the following methods: apiKey, basicAuth.

Request example

curl -XPOST {{hostname}}/api/v1/users/auth/saml/_callback \
-u $CLOUD_USER:$CLOUD_KEY

Initiate SAML protocol

Calls the authentication cluster to initiate SAML Single Sign-on (Web Browser SSO profile) protocol and redirects the user to the identity provider for authentication. The authentication cluster must be configured prior to initiation.

Request

GET /api/v1/users/auth/saml/_init

Query parameters

Name	Type	Required	Description
`state`	`string`	N	An optional relay state that is sent back to the client after the user is authenticated

Responses

302: (EmptyResponse) Redirects the client to the identity provider with a SAML authentication request
501: (BasicFailedReply) You need to configure the authentication cluster. (code: authc.no_authentication_cluster)
502: (BasicFailedReply) The authentication cluster failed to process the request. The response body contains details about the error. (code: authc.authentication_cluster_error)

To perform this operation, you must be authenticated by means of one of the following methods: apiKey, basicAuth.

Request example

curl -XGET {{hostname}}/api/v1/users/auth/saml/_init \
-u $CLOUD_USER:$CLOUD_KEY

« API reference Clusters - Apm - CRUD »

Authentication

Disable elevated permissions

Request

Responses

Request example

Enable elevated permissions

Request

Request body

Responses

Request example

Login to ECE

Request

Request body

Responses

Request example

Refresh authentication token

Request

Responses

Request example

Available authentication methods

Request

Responses

Request example

SAML callback

Request

Form Parameters

Responses

Request example

Initiate SAML protocol

Request

Query parameters

Responses

Request example

Getting Started Videos

Be in the know with the latest and greatest from Elastic.