"missing authentication credentials for REST request" error when attempting ApiKey authentication

New implementation of Elasticsearch (first timer).

Elasticsearch version: 7.6.1
Basic license

I'm able to use the username/password method to add content to an index, but I'm not able to get the ApiKey method to work for authentication.

I get this error response: missing authentication credentials for REST request

Am I formatting the header incorrectly or missing something else that is needed for API key type of authentication?

Let me know if you'd like to see node configuration files or anything else regarding security xpack setup.

Request using ApiKey authorization...

curl -XPOST -k -H "Content-Type: application/json" -H "Authorization: ApiKey QzZZZzg1ZnJRVVNfWXVxdU9SM0poZw==" https://myelasticsearchURL:9200/test/_doc -d'{"timestamp": "05/27/2020 09:28:38PM","servername": "mpclktest","level": "INFO","process": "test","message": "Just a test message (added using API key)."}'

Response:

{"error":{"root_cause":[{"type":"security_exception","reason":"missing authentication credentials for REST request [/test/_doc]","header":{"WWW-Authenticate":["Bearer realm=\"security\"","ApiKey","Basic realm=\"security\" charset=\"UTF-8\""]}}],"type":"security_exception","reason":"missing authentication credentials for REST request [/test/_doc]","header":{"WWW-Authenticate":["Bearer realm=\"security\"","ApiKey","Basic realm=\"security\" charset=\"UTF-8\""]}},"status":401}

This is how I created the API key (through the Kibana console)...

POST /_security/api_key
{
  "name": "dev-test-basic",
  "expiration": "90d", 
  "role_descriptors": { 
    "role": {
      "cluster": ["all"],
      "index": [
        {
          "names": ["test*"],
          "privileges": ["create","read","write"]
        }
      ]
    }
  }
}

I used the api_key returned and converted it to Base64 for use as the string in the request header.
I used PowerShell to convert the key...

$api_binary = [System.Text.Encoding]::UTF8.GetBytes("C6Yg85frQUS_YuquOR3Jhg")
$api_base64 = [System.Convert]::ToBase64String($api_binary)
$api_base64

Result:
QzZZZzg1ZnJRVVNfWXVxdU9SM0poZw==

I confirmed in API keys in Kibana that this particular API key is valid and active.

By the way, and perhaps related... I was trying to create an API key which developers could use that would allow them to insert test data into a test index. Only wanted to grant limited privileges to be able to do that.

If I wanted to not allow any rights to do stuff with the cluster, do I just remove the "all" so it'd be "cluster": [] for that when creating the key?

Obviously still much to learn!
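
Added example, not part of the original post: Elasticsearch documents the ApiKey credential as the Base64 encoding of the key's `id` and `api_key` joined by a colon, and a value built from `api_key` alone does not have that form. The function names and the `id1`/`key1` sample values below are constructed for illustration.

```shell
# Added example. Assumes the documented credential format:
#   credentials = base64("<id>:<api_key>")
# where id and api_key are the two fields returned by POST /_security/api_key.

# Build the Authorization header from the key's id and api_key.
es_apikey_header() {
  local id="$1" api_key="$2"
  if [ -z "$id" ] || [ -z "$api_key" ]; then
    echo "usage: es_apikey_header <id> <api_key>" >&2
    return 2
  fi
  # printf avoids the trailing newline that echo would add to the encoded
  # bytes; tr removes any line wrapping base64 applies to long output.
  printf 'Authorization: ApiKey %s' \
    "$(printf '%s:%s' "$id" "$api_key" | base64 | tr -d '\n')"
}

# Check a credential string before sending it: it must decode to
# "<id>:<api_key>". Prints a diagnosis (never the decoded secret) and
# returns non-zero when the value is malformed.
es_apikey_check() {
  local cred="$1" decoded
  if ! decoded="$(printf '%s' "$cred" | base64 -d 2>/dev/null)"; then
    echo "not valid base64"
    return 1
  fi
  case "$decoded" in
    ?*:?*) echo "ok: id and api_key both present"
           return 0 ;;
    *)     echo "malformed: expected base64 of <id>:<api_key>"
           return 1 ;;
  esac
}

# Constructed sample values, not a real key.
es_apikey_header "id1" "key1"; echo
# Pass the result to curl with: -H "$(es_apikey_header "$ID" "$API_KEY")"
```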