Package co.elastic.clients.elasticsearch.security

Class GrantApiKeyRequest

java.lang.Object
co.elastic.clients.elasticsearch._types.RequestBase
co.elastic.clients.elasticsearch.security.GrantApiKeyRequest
All Implemented Interfaces:
JsonpSerializable
@JsonpDeserializable public class GrantApiKeyRequest extends RequestBase implements JsonpSerializable
Grant an API key.

Create an API key on behalf of another user. This API is similar to the create API keys API, however it creates the API key for a user that is different than the user that runs the API. The caller must have authentication credentials for the user on whose behalf the API key will be created. It is not possible to use this API to create an API key without that user's credentials. The supported user authentication credential types are:

  • username and password
  • Elasticsearch access tokens
  • JWTs

The user, for whom the authentication credentials is provided, can optionally "run as" (impersonate) another user. In this case, the API key will be created on behalf of the impersonated user.

This API is intended be used by applications that need to create and manage API keys for end users, but cannot guarantee that those users have permission to create API keys on their own behalf. The API keys are created by the Elasticsearch API key service, which is automatically enabled.

A successful grant API key API call returns a JSON structure that contains the API key, its unique id, and its name. If applicable, it also returns expiration information for the API key in milliseconds.

By default, API keys never expire. You can specify expiration information when you create the API keys.

See Also:

  • Field Details

  • Method Details

    • of

      public static GrantApiKeyRequest of(Function<GrantApiKeyRequest.Builder,ObjectBuilder<GrantApiKeyRequest>> fn)

    • accessToken

      @Nullable public final String accessToken()
      The user's access token. If you specify the access_token grant type, this parameter is required. It is not valid with other grant types.

      API name: access_token

    • apiKey

      public final GrantApiKey apiKey()
      Required - The API key.

      API name: api_key

    • grantType

      public final ApiKeyGrantType grantType()
      Required - The type of grant. Supported grant types are: access_token, password.

      API name: grant_type

    • password

      @Nullable public final String password()
      The user's password. If you specify the password grant type, this parameter is required. It is not valid with other grant types.

      API name: password

    • refresh

      @Nullable public final Refresh refresh()
      If 'true', Elasticsearch refreshes the affected shards to make this operation visible to search. If 'wait_for', it waits for a refresh to make this operation visible to search. If 'false', nothing is done with refreshes.

      API name: refresh

    • runAs

      @Nullable public final String runAs()
      The name of the user to be impersonated.

      API name: run_as

    • username

      @Nullable public final String username()
      The user name that identifies the user. If you specify the password grant type, this parameter is required. It is not valid with other grant types.

      API name: username

    • serialize

      public void serialize(jakarta.json.stream.JsonGenerator generator, JsonpMapper mapper)
      Serialize this object to JSON.
      Specified by:
      serialize in interface JsonpSerializable

    • serializeInternal

      protected void serializeInternal(jakarta.json.stream.JsonGenerator generator, JsonpMapper mapper)

    • setupGrantApiKeyRequestDeserializer

      protected static void setupGrantApiKeyRequestDeserializer(ObjectDeserializer<GrantApiKeyRequest.Builder> op)