Create or update user APIedit


The PutUserRequest class is used to create or update a user in the Native Realm. There are 3 different factory methods for creating a request.

Create or Update User with a Passwordedit

If you wish to create a new user (or update an existing user) and directly specifying the user’s new password, use the withPassword method as shown below:

char[] password = new char[]{'t', 'e', 's', 't', '-', 'u', 's', 'e', 'r', '-', 'p', 'a', 's', 's', 'w', 'o', 'r', 'd'};
User user = new User("example", Collections.singletonList("superuser"));
PutUserRequest request = PutUserRequest.withPassword(user, password, true, RefreshPolicy.NONE);

Create or Update User with a Hashed Passwordedit

If you wish to create a new user (or update an existing user) and perform password hashing on the client, then use the withPasswordHash method:

SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance("PBKDF2withHMACSHA512");
PBEKeySpec keySpec = new PBEKeySpec(password, salt, 10000, 256);
final byte[] pbkdfEncoded = secretKeyFactory.generateSecret(keySpec).getEncoded();
char[] passwordHash = ("{PBKDF2}10000$" + Base64.getEncoder().encodeToString(salt)
    + "$" + Base64.getEncoder().encodeToString(pbkdfEncoded)).toCharArray();

PutUserRequest request = PutUserRequest.withPasswordHash(user, passwordHash, true, RefreshPolicy.NONE);

Update a User without changing their passwordedit

If you wish to update an existing user, and do not wish to change the user’s password, then use the updateUserProperties method:

PutUserRequest request = PutUserRequest.updateUser(user, true, RefreshPolicy.NONE);

Synchronous executionedit

When executing a PutUserRequest in the following manner, the client waits for the PutUserResponse to be returned before continuing with code execution:

PutUserResponse response =, RequestOptions.DEFAULT);

Synchronous calls may throw an IOException in case of either failing to parse the REST response in the high-level REST client, the request times out or similar cases where there is no response coming back from the server.

In cases where the server returns a 4xx or 5xx error code, the high-level client tries to parse the response body error details instead and then throws a generic ElasticsearchException and adds the original ResponseException as a suppressed exception to it.

Asynchronous executionedit

Executing a PutUserRequest can also be done in an asynchronous fashion so that the client can return directly. Users need to specify how the response or potential failures will be handled by passing the request and a listener to the asynchronous put-user method:, RequestOptions.DEFAULT, listener); 

The PutUserRequest to execute and the ActionListener to use when the execution completes

The asynchronous method does not block and returns immediately. Once it is completed the ActionListener is called back using the onResponse method if the execution successfully completed or using the onFailure method if it failed. Failure scenarios and expected exceptions are the same as in the synchronous execution case.

A typical listener for put-user looks like:

ActionListener<PutUserResponse> listener = new ActionListener<PutUserResponse>() {
    public void onResponse(PutUserResponse response) {

    public void onFailure(Exception e) {

Called when the execution is successfully completed.

Called when the whole PutUserRequest fails.


The returned PutUserResponse contains a single field, created. This field serves as an indication if a user was created or if an existing entry was updated.

boolean isCreated = response.isCreated(); 

created is a boolean indicating whether the user was created or updated