API key: unable to find apikey with id

chaserb · December 28, 2022, 2:57pm

I appear to be having the same issue that @inbox.ex was having here, in that I'm receiving 401 when interacting with the Elastcisearch endpoint. According to this doc, I've created an API key for my deployment, and now I'm just trying to do a simple "cat" of the indices:

curl --location --request GET 'https://my-deployment-hostname.es.centralus.azure.elastic-cloud.com/_cat/indices' \
--header 'Authorization: ApiKey <my api key>'

This produces a 401 response with the following body:

{
    "error": {
        "root_cause": [
            {
                "type": "security_exception",
                "reason": "unable to authenticate with provided credentials and anonymous access is not allowed for this request",
                "additional_unsuccessful_credentials": "API key: unable to find apikey with id <my key id>",
                "header": {
                    "WWW-Authenticate": [
                        "Basic realm=\"security\" charset=\"UTF-8\"",
                        "Bearer realm=\"security\"",
                        "ApiKey"
                    ]
                }
            }
        ],
        "type": "security_exception",
        "reason": "unable to authenticate with provided credentials and anonymous access is not allowed for this request",
        "additional_unsuccessful_credentials": "API key: unable to find apikey with id <my key id>",
        "header": {
            "WWW-Authenticate": [
                "Basic realm=\"security\" charset=\"UTF-8\"",
                "Bearer realm=\"security\"",
                "ApiKey"
            ]
        }
    },
    "status": 401
}

It appears to at least recognize my authorization header, because it has decoded "my api key" and put "my key id" into the response message. Does anyone recognize what I'm doing wrong?

stephenb · December 28, 2022, 5:10pm

Hi @chaserb

You are using the wrong type of API key.

The docs you referenced are to create an Elasticsearch "Service" API key to operate on elasticsearch deployments in other words, API key to allow you to create, update, delete deployments not an API key to work on the data within a deployment.

For the operation you are trying...the elasticsearch normal REST APIs you need to create a "normal" API KEY from within Kibana

Or directly from the Security REST API

Two entirely separate APIs

One to work CRUD entire elasticsearch deployments

And the normal elasticsearch APIs that work within an elasticsearch cluster

chaserb · December 28, 2022, 5:20pm

That did it. Thanks for the clarification!

system · January 25, 2023, 5:21pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
After creating API key attempting to use it results in: missing authentication credentials for REST request Elasticsearch elastic-stack-security	4	10212	March 2, 2020
Connection issues using apikey Elasticsearch	3	4263	February 18, 2021
ApiError AuthenticationException even correct API Key is provided Elastic Search elastic-app-search	4	343	March 13, 2024
Authentication using apikey failed - unable to find apikey with id Elasticsearch	4	2932	July 27, 2023
"missing authentication credentials for REST request" error when attempting ApiKey authentication Elasticsearch	2	4853	June 25, 2020

API key: unable to find apikey with id

Related topics