How to call custom Kibana API on behalf of the user in plugin?

I am developing a Kibana plugin which is an "app". The application allows users to create notes to be stored on Elasticsearch, which has X-Pack installed.

The whole flow is like this:

  1. User logs in to Kibana.
  2. User creates a note in the app.
  3. The app sends the note to the API /api/notes defined on Kibana server.
  4. Kibana server saves the note to Elasticsearch on behalf of the user.

The problem happens in Step 3: the user credentials are NOT sent to the Kibana server. Without the credentials, I cannot store the note on behalf of the user.

How can I configure the Kibana plugin to send the credentials?

Supplementary Information
Kibana: v5.2.2
ElasticSearch: v5.2.2

Any hints are much appreciated. Thank you!

You can use callWithRequest to send requests as the current user:

Thank you for the resources.

Now when a user visits my application, it will prompt him for login. Although the backend can now send requests to Elasticsearch on behalf of the user after a successful login, the behaviour is unexpected because the user has to log in twice in Kibana: the first time when he reaches Kibana and the second time when he opens my app.

Is there any way that I can retrieve the authorization information from the first login so that my app won't prompt for login again?

Below is my setup in index.js:

  path: '/api/alert/demo',
  method: 'GET',
  handler(req, reply) {
    .callWithRequest(req, 'ping')
    .then(function (result) {
      reply(null, result);
    .catch(function (ex) {

I found that there was no authorization in the header the first time the user visits my app. Therefore the API threw a 401 exception to the user, which triggered the login prompt.

Thank you again for any help!
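
The behaviour described in this thread (no authorization header on the first visit, a 401, then a browser login prompt), modelled as an added example that is not code from the thread or from Kibana. All names here (`pickForwardedHeaders`, `fakeElasticsearch`, `handleNotesRequest`) are hypothetical stand-ins, the credential and cookie are constructed, and the example assumes that only the `authorization` header is forwarded and that the 401 carries an HTTP Basic challenge.

```javascript
// Simplified, constructed model; not Kibana source code.
// Assumption: only these incoming request headers are passed on to the backend.
const FORWARDED_HEADERS = ['authorization'];

function pickForwardedHeaders(requestHeaders) {
  const out = {};
  for (const [name, value] of Object.entries(requestHeaders || {})) {
    const key = name.toLowerCase();
    if (FORWARDED_HEADERS.includes(key)) out[key] = value;
  }
  return out;
}

// Hypothetical stand-in for a secured Elasticsearch that accepts one Basic credential.
const VALID = 'Basic ' + Buffer.from('alice:constructed-password').toString('base64');

function fakeElasticsearch(headers) {
  if (headers.authorization !== VALID) {
    const err = new Error('missing or invalid credentials');
    err.statusCode = 401;
    throw err;
  }
  return { ok: true, user: 'alice' };
}

// Hypothetical route handler: calls the backend as the requesting user and
// turns a backend 401 into a Basic challenge, which makes a browser show its
// own login prompt.
function handleNotesRequest(req) {
  try {
    const body = fakeElasticsearch(pickForwardedHeaders(req.headers));
    return { statusCode: 200, headers: {}, body };
  } catch (err) {
    if (err.statusCode !== 401) throw err;
    return {
      statusCode: 401,
      headers: { 'WWW-Authenticate': 'Basic realm="Authorization Required"' },
      body: { error: 'Unauthorized' },
    };
  }
}

// First visit: a session cookie but no authorization header, so nothing is forwarded.
const firstVisit = handleNotesRequest({ headers: { cookie: 'sid=constructed' } });
// After the prompt the browser resends the request with the header attached.
const afterPrompt = handleNotesRequest({ headers: { Authorization: VALID, cookie: 'sid=constructed' } });
console.log(firstVisit.statusCode, firstVisit.headers);
console.log(afterPrompt.statusCode, afterPrompt.body);
```

In this model the session cookie is never forwarded, so a request without an `authorization` header always reaches the backend unauthenticated.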
