Hello,
I want to share the Elastic curl API to the application team so that they can consume the API to get the data from Elastic search.
How do I provide the authorization to the application team to consume that API?
I don't want to share the Elasticsearch's username and password to them to hit the API.
Also I want to restrict them to consume only GET method.
Kindly let me know your suggestions.
To provide the application team with access to Elasticsearch without sharing the username and password, you can use API keys. API keys are base64-encoded strings that are used for service-to-service interactions.
Here are the steps to create an API key:
First, you need to create a role that has the necessary permissions. For example, if you want to allow only GET requests, you can create a role that has only 'read' permissions. You can do this in the Kibana Management UI or by using the Role Management API.
Once the role is created, you can create a user and assign this role to the user. This can also be done in the Kibana Management UI or by using the User Management API.
Now, you can create an API key for this user. You can do this by running the following command:
POST /_security/api_key
{
"name": "my-api-key",
"role_descriptors": {
"role-name": {
"cluster": ["all"],
"index": [
{
"names": ["index-name"],
"privileges": ["read"]
}
]
}
}
}
Replace 'role-name' with the name of the role you created and 'index-name' with the name of the index you want to give access to.
Authorization: ApiKey <base64_encoded_api_key>Remember, the API key is not retrievable after it's created. If you lose it, you'll have to create a new one.
Disclaimer: OpsGPT assisted me with part of this answer.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.