| mapped_pages | ||||
|---|---|---|---|---|
| applies_to |
|
|||
| products |
|
In {{serverless-short}} projects, the following types of API keys exist:
- Personal API keys, that you can create to allow external services to access your serverless project, including the {{es}} and {{kib}} APIs, on behalf of a user.
- Managed API keys, created and managed by {{kib}} to correctly run background tasks.
:::{admonition} Manage {{serverless-short}} project API access using {{ecloud}} API keys As an alternative to using {{serverless-short}} project API keys, which are tied to a single project, you can create {{ecloud}} API keys that include access to projects' {{es}} and {{kib}} APIs. This allows you to create keys that can interact with multiple projects, and manage API access centrally from the {{ecloud}} console.
The cross-project search feature requires {{ecloud}} API keys for programmatic access. :::
To manage API keys in {{kib}}, go to the API keys management page in the navigation menu or use the global search field.
:::{image} /deploy-manage/images/serverless-api-key-management.png :alt: API keys UI :screenshot: :::
In API keys, click Create API key:
:::{image} /deploy-manage/images/serverless-create-personal-api-key.png :alt: Create API key UI :screenshot: :width: 50% :::
Once created, you can copy the encoded API key and use it to send requests to the {{es}} HTTP API. For example:
curl "${ES_URL}" \
-H "Authorization: ApiKey ${API_KEY}"::::{important} API keys are intended for programmatic access. Don’t use API keys to authenticate access using a web browser.
::::
When you create or update an API key, use Control security privileges to configure access to specific {{es}} APIs and resources. Define the permissions using a JSON role_descriptors object, where you specify one or more roles and the associated privileges.
For example, the following role_descriptors object defines a books-read-only role that limits the API key to read privileges on the books index.
{
"books-read-only": {
"cluster": [],
"indices": [
{
"names": ["books"],
"privileges": ["read"]
}
],
"applications": [],
"run_as": [],
"metadata": {},
"transient_metadata": {
"enabled": true
}
}
}For the role_descriptors object schema, check out the /_security/api_key endpoint docs. For supported privileges, check Security privileges.
In API keys, click on the name of the key. You can update only Control security privileges and Include metadata.
The API keys app lists your API keys, including the name, date created, and status. When API keys expire, the status changes from Active to Expired.
You can delete API keys individually or in bulk.