Question about Token Management API


(Ong) #1

I am using X-Pack 5.5.2 and have integrated it into Elasticsearch and Kibana. I am trying out the Security API for a use case, which is to restrict the search results depending on the user's role. The user will first need to log into the application.

Currently I am looking at the Authenticate, User Management and Role Management APIs. There is also this Token Management API.

In the Token Management API, there is an "expires_in" which defaults to 1200. Can this value be changed to a longer duration?

If I use the Authenticate API, is the Token Management API needed? In what cases is the Token Management API suitable?


(Tim Vernum) #2

Generally speaking you do not want to interact with any of those APIs.

If you simply need to login to Elasticsearch, you provide the user's credentials in the HTTP request for each interaction with the REST API.

E.g. you include a username and password in the Authorization header, or you provide an X.509 certificate as part of the SSL setup.

The Token Management API allows you to use a username + password to generate a temporary token-based credential instead. It can be used as the basis for an OAuth-like setup.

The Authenticate API simply provides information about the user who is authenticating; it does not establish any sort of authenticated session.
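
The two approaches described in this answer, side by side, as an added example that is not part of the original reply: credentials sent on every request versus a password exchanged once for a temporary token. The host, the sample credentials and the `TokenSession` helper are assumptions made for illustration; the token path is the X-Pack 5.x endpoint, and requests are only built, not sent.

```python
import base64
import json
import time
import urllib.request

ES = "https://es.example.internal:9200"  # constructed host, not from the thread


def basic_request(path, username, password):
    """Per-request login: the credentials travel in the Authorization header."""
    cred = base64.b64encode(f"{username}:{password}".encode()).decode()
    return urllib.request.Request(ES + path, headers={"Authorization": "Basic " + cred})


def token_grant_request(username, password):
    """Exchange username + password for a temporary token (password grant)."""
    body = json.dumps({"grant_type": "password",
                       "username": username, "password": password}).encode()
    return urllib.request.Request(
        ES + "/_xpack/security/oauth2/token", data=body, method="POST",
        headers={"Content-Type": "application/json"})


class TokenSession:
    """Hypothetical helper: holds the token so the app need not keep the password."""

    def __init__(self, grant_response, now=None, skew=30):
        issued = time.time() if now is None else now
        self.token = grant_response["access_token"]
        # Treat the token as expired `skew` seconds early to avoid edge races.
        self.expires_at = issued + grant_response["expires_in"] - skew

    def expired(self, now=None):
        return (time.time() if now is None else now) >= self.expires_at

    def request(self, path, now=None):
        if self.expired(now):
            raise RuntimeError("token expired; request a new one")
        return urllib.request.Request(
            ES + path, headers={"Authorization": "Bearer " + self.token})


# Constructed sample of a token response (expires_in as quoted in the question).
SAMPLE_GRANT = {"access_token": "constructed-token-value", "type": "Bearer",
                "expires_in": 1200}
```
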

