Elasticsearch API not designed to be consumed directly by a front-end client?

It's possible, but not recommended. The Elasticsearch API is not designed to be consumed directly by a front end client, and the security constraints that are put in place within X-Pack do not aim to be secure within that environment. Elastic recommends that you communicate with Elasticsearch from a backend process.

This sounds pretty convincing, and I wonder if it's someone from the elastic team. If true, then then I don't understand why I haven't encountered this information anywhere else. I thought elasticsearch.js was intended to work on client and server. Also, Kibana consumes the API directly, right?

1 Like

Elasticsearch has a REST API that returns data in JSON format. That API can be triggered by a variety of means and SDK's, the simplest of which is via curl on the command line. That data can be consumed by almost anything. I am not sure what that comment is implying or in what context!

Again, I am not sure I understand what the OP is trying to say here!

My lack of understanding extends to this quote as well. Also, if elastic does recommend it, it would be handy to provide a link to where it does!

afaik, Kibana is a node-js (I'd say) backend process, which talks to ES REST.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.