Adds and updates users in the native realm. These users are commonly referred to as native users.
When updating a user, you can update everything but its username and password.
To change a user’s password, use the change password API.
For more information about the native realm, see Realms and Configuring a native realm.
username
(required)
(string) An identifier for the user.
Usernames must be at least 1 and no more than 1024 characters. They can contain alphanumeric characters (a-z, A-Z, 0-9), spaces, punctuation, and printable symbols in the Basic Latin (ASCII) block. Leading or trailing whitespace is not allowed.
refresh
true, false, or wait_for.
These values have the same meaning as in the Index API, but the default value for this API (Put User) is true.
The following parameters can be specified in the body of a POST or PUT request:
enabled
true.
email
full_name
metadata
password
(string) The user’s password. Passwords must be at least 6 characters long.
When adding a user, one of password or password_hash is required.
When updating an existing user, the password is optional, so that other fields on the user (such as their roles) may be updated without modifying the user’s password.
password_hash
(string) A hash of the user’s password. This must be produced using the same hashing algorithm as has been configured for password storage. For more details, see the explanation of the xpack.security.authc.password_hashing.algorithm setting in User cache and password hash algorithms.
Using this parameter allows the client to pre-hash the password for performance and/or confidentiality reasons.
The password parameter and the password_hash parameter cannot be used in the same request.
roles
(required)
[].
The following example creates a user jacknich:
POST /_security/user/jacknich
{
  "password" : "j@rV1s",
  "roles" : [ "admin", "other_role1" ],
  "full_name" : "Jack Nicholson",
  "email" : "jacknich@example.com",
  "metadata" : {
    "intelligence" : 7
  }
}
A successful call returns a JSON structure that shows whether the user has been created or updated.
After you add a user, requests from that user can be authenticated. For example:
curl -u jacknich:j@rV1s http://localhost:9200/_cluster/health
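A client-side pre-flight check for the username, password, password_hash, roles and refresh rules described above, as an added example that is not part of the original documentation or of Elasticsearch itself. The function name validate_put_user and its arguments are hypothetical, and the cluster remains the authority on what it accepts.

```python
import re

# Printable Basic Latin (ASCII): space (0x20) through tilde (0x7E), 1 to 1024 chars.
_USERNAME_RE = re.compile(r"[\x20-\x7e]{1,1024}")
_REFRESH_VALUES = {"true", "false", "wait_for"}


def validate_put_user(username, body, creating, refresh=None):
    """Return a list of rule violations; an empty list means the request passes.

    username -- path parameter of /_security/user/<username>
    body     -- dict that will be sent as the JSON request body
    creating -- True when adding a user, False when updating an existing one
    refresh  -- optional query-string value, as a string
    """
    errors = []
    if not _USERNAME_RE.fullmatch(username):
        errors.append("username: must be 1-1024 printable ASCII characters")
    elif username != username.strip():
        errors.append("username: leading or trailing whitespace is not allowed")

    has_password = "password" in body
    has_hash = "password_hash" in body
    if has_password and has_hash:
        errors.append("password and password_hash cannot be used in the same request")
    elif creating and not (has_password or has_hash):
        errors.append("one of password or password_hash is required when adding a user")
    if has_password:
        pw = body["password"]
        if not isinstance(pw, str) or len(pw) < 6:
            errors.append("password: must be a string of at least 6 characters")

    # roles is required on every request; an empty list is accepted here.
    roles = body.get("roles")
    if not isinstance(roles, list) or not all(isinstance(r, str) for r in roles):
        errors.append("roles: required, must be a list of role names")

    if refresh is not None and refresh not in _REFRESH_VALUES:
        errors.append("refresh: must be true, false, or wait_for")
    return errors
```

Calling it with the jacknich request body from the example above and creating=True returns an empty list; an update that omits password also passes, as long as roles is present.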