Elasticsearch Creating API Keys in Elasticsearch: An Advanced Guide

By Opster Team

Updated: Oct 31, 2023

| 2 min read

Quick links


API keys in Elasticsearch are a secure way to manage authentication and authorization. They are a critical component in ensuring that your Elasticsearch cluster is protected from unauthorized access. This article will delve into the process of creating API keys in Elasticsearch, providing a detailed, step-by-step guide.

Understanding API Keys

API keys are a method of authentication that allows a user or a process to access the Elasticsearch cluster. They are a base64-encoded string which represents the credentials of a specific user. API keys can be set with specific roles, allowing granular control over what actions can be performed using the key.

Creating an API Key

Creating an API key in Elasticsearch involves making a POST request to the Elasticsearch `_security/api_key` API. The following steps outline this process:

1. Prepare and send your request: 

The first step is to prepare your POST request. This will include the necessary information to create the API key. The request should be structured as follows:

POST /_security/api_key
  "name": "my-api-key",
  "expiration": "10d",
  "role_descriptors": {
    "role-name": {
      "cluster": ["all"],
      "index": [
          "names": ["index-name"],
          "privileges": ["all"]

In this example, `my-api-key` is the name of the API key, `role-name` is the name of the role associated with the key, and `index-name` is the name of the index that the key has access to. The key is created for ten days and will expire after that duration. If you omit the expiration parameter, the API key will never expire.

2. Receive your API key:

After sending the request, Elasticsearch will respond with the API key. The response will look something like this:

  "id" : "VuaCfGcBCdbkQm-e5aOx",
  "name" : "my-api-key",
  "api_key" : "ui2lp2axTGuGuDtlkzrAUA"

The `id` and `api_key` fields represent your API key. The `api_key` field is the base64-encoded representation of your API key.

Managing API Keys

Once you have created an API key, you can manage it using the Elasticsearch _security/api_key API. You can invalidate an API key, which will prevent it from being used for authentication. You can also get information about an API key, such as when it was created and what roles it has.

To invalidate an API key, you can send a DELETE request to the _security API:

curl -X DELETE "localhost:9200/_security/api_key" -H 'Content-Type: application/json' -d'
  "ids" : ["VuaCfGcBCdbkQm-e5aOx"]

To get information about an API key, you can send a GET request to the _security API:

curl -X GET "localhost:9200/_security/api_key?id=VuaCfGcBCdbkQm-e5aOx"


In conclusion, API keys are a critical component in securing your Elasticsearch cluster. They provide a method of authentication that is both secure and flexible, allowing you to control who has access to your cluster and what actions they can perform. By following the steps outlined in this article, you can create and manage your own API keys in Elasticsearch.