so, I in kabana console go get my 'id' which is a weird number(why not use the name which I called 'my_api_key' and instead use my weird id which is 'R7IAE3EB20gJv1tBoxY6'????)
and I go to website and type in my id:apikey to be used and tell website encode base 64.
2 questions
WHY are we encoding a string that is already a string in base64? base 64 is to put bytes into a string so you can put in json or some form of a string(this is backwards and should be fixed)
It's not working with header Www-Authenticate: ApiKey {key} in a curl command
FAILURE doesn't really tell me much on what I should do:
{"error":{"root_cause":[{"type":"security_exception","reason":"action [cluster:monitor/main] requires authentication","header":{"WWW-Authenticate":["Bearer realm="security"","ApiKey","Basic realm="security" charset="UTF-8""]}}],"type":"security_exception","reason":"action [cluster:monitor/main] requires authentication","header":{"WWW-Authenticate":["Bearer realm="security"","ApiKey","Basic realm="security" charset="UTF-8""]}},"status":401}
oh and I was going off of this too
which also has the WWW-Authenticate: ApiKey in the response for some reason like I didn't supply that?
This is not meant to be a generic API key documentation and thus it shows only how to use the API keys with the metricbeat.
This is the correct reference documentation for creating API keys !
You don't actually "get your 'id'", you create an API key.
The API key has a name, an ID and a value. All serve different purposes, the name ID is something you specify to help you identify the API key, the id is something unique that identifies the API key in the system.
Please don't do that. Your API key is your credentials, don't enter them in arbitrary websites, the same way you wouldn't enter your username and password in there. You can base64 encode it locally with i.e. :
echo -n 'theidhere:theapikeyhere' | base64
This mimics the Authorization header where credentials are base64 encoded to allow for non-HTTP-compatible characters in them. We realize this extra step is cumbersome and we are tracking adding support for this here so that we can return the base64 encoded string directly when you create the API key.
The header name is Authorization , not Www-Authenticate, it's shown in the example in the docs you referenced above too, the correct call is :
Www-Authenticate is a response header , not a request header, and Elasticsearch is using that to tell you what kind of authentication schemes you can use.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.