Body Required
- grant_type
  string Values are `password`, `client_credentials`, `_kerberos`, or `refresh_token`.
- scope
  string The scope of the token. Currently tokens are only issued for a scope of FULL regardless of the value sent with the request.
- password
  string
- kerberos_ticket
  string The base64 encoded kerberos ticket. If you specify the `_kerberos` grant type, this parameter is required. This parameter is not valid with any other supported grant type.
- refresh_token
  string The string that was returned when you created the token, which enables you to extend its life. If you specify the `refresh_token` grant type, this parameter is required. This parameter is not valid with any other supported grant type.
- username
  string
POST /_security/oauth2/token
Console
POST /_security/oauth2/token
{
  "grant_type" : "client_credentials"
}
Python
resp = client.security.get_token(
    grant_type="client_credentials",
)
JavaScript
const response = await client.security.getToken({
  grant_type: "client_credentials",
});
Ruby
response = client.security.get_token(
  body: {
    "grant_type": "client_credentials"
  }
)
PHP
$resp = $client->security()->getToken([
    "body" => [
        "grant_type" => "client_credentials",
    ],
]);
curl
curl -X POST -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"grant_type":"client_credentials"}' "$ELASTICSEARCH_URL/_security/oauth2/token"
Request examples
A client_credentials grant type example
Run `POST /_security/oauth2/token` to obtain a token using the `client_credentials` grant type, which simply creates a token as the authenticated user.
{
  "grant_type" : "client_credentials"
}
Run `POST /_security/oauth2/token` to obtain a token for the `test_admin` user using the `password` grant type. This request must be made by an authenticated user with sufficient privileges, who may or may not be the same user as the one whose username is passed in the `username` parameter.
{
  "grant_type" : "password",
  "username" : "test_admin",
  "password" : "x-pack-test-password"
}
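The grant-type rules from the body parameter list, as an added pre-flight check (example code written for this page, not part of the Elasticsearch clients). `validate_token_request` and `redact` are hypothetical helper names, and treating `username` and `password` as required only for the `password` grant is an assumption, since the parameter list gives them no description.

```python
# Added example: pre-flight validation of a POST /_security/oauth2/token body.
# The kerberos_ticket / refresh_token rules come from the parameter list above.
GRANT_TYPES = {"password", "client_credentials", "_kerberos", "refresh_token"}

# Parameters each grant type requires. The "password" row is an assumption.
REQUIRED = {
    "password": {"username", "password"},
    "client_credentials": set(),
    "_kerberos": {"kerberos_ticket"},
    "refresh_token": {"refresh_token"},
}
# Parameters tied to exactly one grant type; "scope" is accepted with any.
GRANT_SPECIFIC = set().union(*REQUIRED.values())
SECRET_FIELDS = {"password", "kerberos_ticket", "refresh_token"}


def validate_token_request(body):
    """Return a list of problems; an empty list means the body is consistent."""
    grant = body.get("grant_type")
    if grant not in GRANT_TYPES:
        return [f"unsupported grant_type: {grant!r}"]
    problems = []
    required = REQUIRED[grant]
    for name in sorted(required):
        if not body.get(name):
            problems.append(f"{name} is required with grant_type {grant}")
    for name in sorted(GRANT_SPECIFIC - required):
        if name in body:
            problems.append(f"{name} is not valid with grant_type {grant}")
    for name in sorted(set(body) - GRANT_SPECIFIC - {"grant_type", "scope"}):
        problems.append(f"unknown parameter: {name}")
    return problems


def redact(body):
    """Copy of the body that is safe to log: secret values are masked."""
    return {k: "<redacted>" if k in SECRET_FIELDS else v for k, v in body.items()}


if __name__ == "__main__":
    # Constructed sample bodies; the first two mirror the request examples.
    samples = [
        {"grant_type": "client_credentials"},
        {"grant_type": "password", "username": "test_admin", "password": "x-pack-test-password"},
        {"grant_type": "client_credentials", "refresh_token": "constructed-value"},
    ]
    for body in samples:
        print(redact(body), validate_token_request(body) or "ok")
```

Logging only the `redact` output keeps passwords, Kerberos tickets and refresh tokens out of client-side logs while still recording which grant type was attempted.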
Response examples (200)
A client_credentials grant type example
A successful response from `POST /_security/oauth2/token`.
{
  "access_token" : "dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ==",
  "type" : "Bearer",
  "expires_in" : 1200,
  "authentication" : {
    "username" : "test_admin",
    "roles" : [
      "superuser"
    ],
    "full_name" : null,
    "email" : null,
    "metadata" : { },
    "enabled" : true,
    "authentication_realm" : {
      "name" : "file",
      "type" : "file"
    },
    "lookup_realm" : {
      "name" : "file",
      "type" : "file"
    },
    "authentication_type" : "realm"
  }
}