API key: unable to find apikey with id

I appear to be having the same issue that @inbox.ex was having here, in that I'm receiving 401 when interacting with the Elastcisearch endpoint. According to this doc, I've created an API key for my deployment, and now I'm just trying to do a simple "cat" of the indices:

curl --location --request GET 'https://my-deployment-hostname.es.centralus.azure.elastic-cloud.com/_cat/indices' \
--header 'Authorization: ApiKey <my api key>'

This produces a 401 response with the following body:

{
    "error": {
        "root_cause": [
            {
                "type": "security_exception",
                "reason": "unable to authenticate with provided credentials and anonymous access is not allowed for this request",
                "additional_unsuccessful_credentials": "API key: unable to find apikey with id <my key id>",
                "header": {
                    "WWW-Authenticate": [
                        "Basic realm=\"security\" charset=\"UTF-8\"",
                        "Bearer realm=\"security\"",
                        "ApiKey"
                    ]
                }
            }
        ],
        "type": "security_exception",
        "reason": "unable to authenticate with provided credentials and anonymous access is not allowed for this request",
        "additional_unsuccessful_credentials": "API key: unable to find apikey with id <my key id>",
        "header": {
            "WWW-Authenticate": [
                "Basic realm=\"security\" charset=\"UTF-8\"",
                "Bearer realm=\"security\"",
                "ApiKey"
            ]
        }
    },
    "status": 401
}

It appears to at least recognize my authorization header, because it has decoded "my api key" and put "my key id" into the response message. Does anyone recognize what I'm doing wrong?

Hi @chaserb

You are using the wrong type of API key.

The docs you referenced are to create an Elasticsearch "Service" API key to operate on elasticsearch deployments in other words, API key to allow you to create, update, delete deployments not an API key to work on the data within a deployment.

For the operation you are trying...the elasticsearch normal REST APIs you need to create a "normal" API KEY from within Kibana

Or directly from the Security REST API

Two entirely separate APIs

One to work CRUD entire elasticsearch deployments

And the normal elasticsearch APIs that work within an elasticsearch cluster

2 Likes

That did it. Thanks for the clarification!

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.