Create a service account token
Generally available
Create a service accounts token for access without requiring basic authentication.
NOTE: Service account tokens never expire. You must actively delete them if they are no longer needed.
Required authorization
- Cluster privileges:
manage_service_account
Query parameters
-
refresh
string If
truethen refresh the affected shards to make this operation visible to search, ifwait_for(the default) then wait for a refresh to make this operation visible to search, iffalsethen do nothing with refreshes.Values are
true,false, orwait_for.
POST
/_security/service/{namespace}/{service}/credential/token
Console
POST /_security/service/elastic/fleet-server/credential/token/token1
resp = client.security.create_service_token(
namespace="elastic",
service="fleet-server",
name="token1",
)const response = await client.security.createServiceToken({
namespace: "elastic",
service: "fleet-server",
name: "token1",
});response = client.security.create_service_token(
namespace: "elastic",
service: "fleet-server",
name: "token1"
)$resp = $client->security()->createServiceToken([
"namespace" => "elastic",
"service" => "fleet-server",
"name" => "token1",
]);curl -X POST -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_security/service/elastic/fleet-server/credential/token/token1"
Response examples (200)
A successful response from `POST /_security/service/elastic/fleet-server/credential/token/token1`. The response includes the service account token, its name, and its secret value as a bearer token.
{
"created": true,
"token": {
"name": "token1",
"value": "AAEAAWVsYXN0aWM...vZmxlZXQtc2VydmVyL3Rva2VuMTo3TFdaSDZ"
}
}