Delete service account tokens APIedit

Deletes service account tokens for a service in a specified namespace.


DELETE /_security/service/<namespace>/<service>/credential/token/<token_name>


  • To use this API, you must have at least the manage_service_account cluster privilege.


In production mode, service accounts require TLS on the HTTP interface. A runtime check prevents you from invoking any related APIs or authenticating with a service account token unless TLS is enabled on the HTTP interface. See encrypt HTTP client communications for Elasticsearch.

The API response indicates whether the specified service account token is found and deleted or it is not found.

Path parametersedit

(Required, string) Name of the namespace.
(Required, string) Name of the service name.
(Required, string) Name of the service account token.


The following request deletes the token1 service account token from the elastic/fleet-server service account:

DELETE /_security/service/elastic/fleet-server/credential/token/token42

If the service account token is successfully deleted, the request returns {"found": true}. Otherwise, the response will have status code 404 and found` will be set to false.

  "found" : true