Create or update users
Generally available
Add and update users in the native realm. A password is required for adding a new user but is optional when updating an existing user. To change a user's password without updating any other fields, use the change password API.
Required authorization
- Cluster privileges:
manage_security
Path parameters
-
username
string Required An identifier for the user.
NOTE: Usernames must be at least 1 and no more than 507 characters. They can contain alphanumeric characters (a-z, A-Z, 0-9), spaces, punctuation, and printable symbols in the Basic Latin (ASCII) block. Leading or trailing whitespace is not allowed.
Query parameters
-
refresh
string Valid values are
true,false, andwait_for. These values have the same meaning as in the index API, but the default value for this API is true.Values are
true,false, orwait_for.
Body
Required
-
username
string -
metadata
object -
password
string -
password_hash
string A hash of the user's password. This must be produced using the same hashing algorithm as has been configured for password storage. For more details, see the explanation of the
xpack.security.authc.password_hashing.algorithmsetting in the user cache and password hash algorithm documentation. Using this parameter allows the client to pre-hash the password for performance and/or confidentiality reasons. Thepasswordparameter and thepassword_hashparameter cannot be used in the same request.External documentation -
roles
array[string] A set of roles the user has. The roles determine the user's access permissions. To create a user without any roles, specify an empty list (
[]). -
enabled
boolean Specifies whether the user is enabled.
POST /_security/user/jacknich
{
"password" : "l0ng-r4nd0m-p@ssw0rd",
"roles" : [ "admin", "other_role1" ],
"full_name" : "Jack Nicholson",
"email" : "jacknich@example.com",
"metadata" : {
"intelligence" : 7
}
}resp = client.security.put_user(
username="jacknich",
password="l0ng-r4nd0m-p@ssw0rd",
roles=[
"admin",
"other_role1"
],
full_name="Jack Nicholson",
email="jacknich@example.com",
metadata={
"intelligence": 7
},
)const response = await client.security.putUser({
username: "jacknich",
password: "l0ng-r4nd0m-p@ssw0rd",
roles: ["admin", "other_role1"],
full_name: "Jack Nicholson",
email: "jacknich@example.com",
metadata: {
intelligence: 7,
},
});response = client.security.put_user(
username: "jacknich",
body: {
"password": "l0ng-r4nd0m-p@ssw0rd",
"roles": [
"admin",
"other_role1"
],
"full_name": "Jack Nicholson",
"email": "jacknich@example.com",
"metadata": {
"intelligence": 7
}
}
)$resp = $client->security()->putUser([
"username" => "jacknich",
"body" => [
"password" => "l0ng-r4nd0m-p@ssw0rd",
"roles" => array(
"admin",
"other_role1",
),
"full_name" => "Jack Nicholson",
"email" => "jacknich@example.com",
"metadata" => [
"intelligence" => 7,
],
],
]);curl -X POST -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"password":"l0ng-r4nd0m-p@ssw0rd","roles":["admin","other_role1"],"full_name":"Jack Nicholson","email":"jacknich@example.com","metadata":{"intelligence":7}}' "$ELASTICSEARCH_URL/_security/user/jacknich"{
"password" : "l0ng-r4nd0m-p@ssw0rd",
"roles" : [ "admin", "other_role1" ],
"full_name" : "Jack Nicholson",
"email" : "jacknich@example.com",
"metadata" : {
"intelligence" : 7
}
}{
"created": true
}