Authenticationedit
Elasticsearch Service supports and recommends key-based authentication for the API. An API key allows you to perform most of the operations available in the UI console through API calls. You can create and manage deployments, configure remote clusters, set up traffic filters, manage extensions, and much more.
Only Organization owners can create API keys for every user role. Like users, API keys can be assigned roles to control their access to organizational resources, such as deployments. You can have multiple API keys for different purposes, and you can revoke them when you no longer need them.
To create an API key:
- Log in to the Elasticsearch Service Console.
- Go to your avatar in the upper right corner and choose Organization.
-
On the API keys tab of the Organization page, click Create API Key.
This key provides access to the API that enables you to manage your deployments. It does not provide access to Elasticsearch. To access Elasticsearch with an API key, create a key in Kibana or using the Elasticsearch API.
-
From the Create API Key page, you can configure your new key by adding a name, set expiration, or assign roles.
By default, the API key will expire three months after its creation date, but you can set the expiration to Never. The API key has no expiration, so it can be used indefinitely.
- Click Create API key, copy the generated API key, and store it in a safe place. You can also download the key as a CSV file.
The API key needs to be supplied in the Authorization header of a request, in the following format:
Authorization: ApiKey $EC_API_KEY
To revoke an API key:
- Log in to the Elasticsearch Service Console.
-
Go to your avatar in the upper right corner and choose Organization.
The keys currently associated with your organization are listed under the API keys tab of the Organization page.
- Find the key you want to revoke, and click the trash icon under Actions.