Package co.elastic.clients.elasticsearch.security

Class CreateApiKeyRequest

java.lang.Object
co.elastic.clients.elasticsearch._types.RequestBase
co.elastic.clients.elasticsearch.security.CreateApiKeyRequest
All Implemented Interfaces:
JsonpSerializable
@JsonpDeserializable public class CreateApiKeyRequest extends RequestBase implements JsonpSerializable
Create an API key.

Create an API key for access without requiring basic authentication.

IMPORTANT: If the credential that is used to authenticate this request is an API key, the derived API key cannot have any privileges. If you specify privileges, the API returns an error.

A successful request returns a JSON structure that contains the API key, its unique id, and its name. If applicable, it also returns expiration information for the API key in milliseconds.

NOTE: By default, API keys never expire. You can specify expiration information when you create the API keys.

The API keys are created by the Elasticsearch API key service, which is automatically enabled. To configure or turn off the API key service, refer to API key service setting documentation.

See Also:

  • Field Details

  • Method Details

    • of

      public static CreateApiKeyRequest of(Function<CreateApiKeyRequest.Builder,ObjectBuilder<CreateApiKeyRequest>> fn)

    • expiration

      @Nullable public final Time expiration()
      The expiration time for the API key. By default, API keys never expire.

      API name: expiration

    • metadata

      public final Map<String,JsonData> metadata()
      Arbitrary metadata that you want to associate with the API key. It supports nested data structure. Within the metadata object, keys beginning with _ are reserved for system usage.

      API name: metadata

    • name

      @Nullable public final String name()
      A name for the API key.

      API name: name

    • refresh

      @Nullable public final Refresh refresh()
      If true (the default) then refresh the affected shards to make this operation visible to search, if wait_for then wait for a refresh to make this operation visible to search, if false then do nothing with refreshes.

      API name: refresh

    • roleDescriptors

      public final Map<String,RoleDescriptor> roleDescriptors()
      An array of role descriptors for this API key. When it is not specified or it is an empty array, the API key will have a point in time snapshot of permissions of the authenticated user. If you supply role descriptors, the resultant permissions are an intersection of API keys permissions and the authenticated user's permissions thereby limiting the access scope for API keys. The structure of role descriptor is the same as the request for the create role API. For more details, refer to the create or update roles API.

      NOTE: Due to the way in which this permission intersection is calculated, it is not possible to create an API key that is a child of another API key, unless the derived key is created without any privileges. In this case, you must explicitly specify a role descriptor with no privileges. The derived API key can be used for authentication; it will not have authority to call Elasticsearch APIs.

      API name: role_descriptors

    • serialize

      public void serialize(jakarta.json.stream.JsonGenerator generator, JsonpMapper mapper)
      Serialize this object to JSON.
      Specified by:
      serialize in interface JsonpSerializable

    • serializeInternal

      protected void serializeInternal(jakarta.json.stream.JsonGenerator generator, JsonpMapper mapper)

    • setupCreateApiKeyRequestDeserializer

      protected static void setupCreateApiKeyRequestDeserializer(ObjectDeserializer<CreateApiKeyRequest.Builder> op)