IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.
Elastic Docs Elasticsearch Guide [7.6] REST APIs Security APIs
« Authenticate API Clear cache API »

Change passwords APIedit

Changes the passwords of users in the native realm and built-in users.

Requestedit

POST /_security/user/_password

POST /_security/user/<username>/_password

Prerequisitesedit

  • Every user can change their own password. Users with the manage_security privilege can change passwords of other users.

Descriptionedit

You can use the create user API to update everything but a user’s username and password. This API changes a user’s password.

For more information about the native realm, see Realms and Native user authentication.

Path parametersedit

username
(Optional, string) The user whose password you want to change. If you do not specify this parameter, the password is changed for the current user.

Request bodyedit

password
(Required, string) The new password value.

Examplesedit

The following example updates the password for the jacknich user:

POST /_security/user/jacknich/_password
{
  "password" : "s3cr3t"
}

A successful call returns an empty JSON structure.

{}
« Authenticate API Clear cache API »