Activate user profile API
editActivate user profile API
editThis functionality is in beta and is subject to change. The design and code is less mature than official GA features and is being provided as-is with no warranties. Beta features are not subject to the support SLA of official GA features.
Creates or updates a user profile on behalf of another user.
Request
editPOST /_security/profile/_activate
Prerequisites
edit-
To use this API, you must have the
manage_user_profile
cluster privilege.
Description
editThe activate user profile API creates or updates a profile document for end
users with information that is extracted from the user’s authentication object,
including username
, full_name
, roles
, and the authentication realm.
When updating a profile document, the API enables the document if it was
disabled. Any updates do not change existing content for either the labels
or
data
fields.
This API is intended only for use by applications (such as Kibana) that need to create or update profiles for end users.
The calling application must have either an access_token
, or a
combination of username
and password
for the user that the profile document
is intended for.
Request body
edit-
access_token
-
(Required*, string)
The user’s access token. If you specify the
access_token
grant type, this parameter is required. It is not valid with other grant types. -
grant_type
-
(Required, string) The type of grant.
Valid values for
grant_type
-
access_token
- (Required*, string) In this type of grant, you must supply an access token that was created by the Elasticsearch token service. For more information, see Get token and Token service settings.
-
password
-
(Required*, string)
In this type of grant, you must supply the
username
andpassword
for the user that you want to create the API key for.
-
-
password
-
(Optional*, string)
The user’s password. If you specify the
password
grant type, this parameter is required. It is not valid with other grant types. -
username
-
(Optional*, string)
The username that identifies the user. If you specify the
password
grant type, this parameter is required. It is not valid with other grant types.
*Indicates that the setting is required in some, but not all situations.
Response body
editA successful activate user profile API call returns a JSON structure that contains the profile unique ID, user information, timestamp for the operation and version control numbers.
Examples
editPOST /_security/profile/_activate { "grant_type": "password", "username" : "jacknich", "password" : "l0ng-r4nd0m-p@ssw0rd" }
The API returns the following response:
{ "uid": "u_79HkWkwmnBH5gqFKwoxggWPjEBOur1zLPXQPEl1VBW0_0", "enabled": true, "last_synchronized": 1642650651037, "user": { "username": "jacknich", "roles": [ "admin", "other_role1" ], "realm_name": "native", "full_name": "Jack Nicholson", "email": "[email protected]" }, "labels": {}, "data": {}, "_doc": { "_primary_term": 88, "_seq_no": 66 } }