Version: 6.x-21
This is an older version of Search Guard. Switch to Latest version
Community

Using the Kibana API

Kibana offers an API for saved objects like index patterns, dashboards and visualizations. In order to use this API in conjunction with Search Guard you need to add user credentials as HTTP headers to these calls as well. What kind of HTTP header is required depends on the configured Search Guard authentication type.

HTTP Basic example:

copy

curl \
   -u hr_employee:hr_employee  \
   -H 'Content-Type: application/json' \
   -H "kbn-xsrf: true" \
   -XGET "http://localhost:5601/api/saved_objects/_find?type=index-pattern"

JWT example:

copy

curl \
   -H 'Authorization: Bearer <token>' \
   -H 'Content-Type: application/json' \
   -H "kbn-xsrf: true" \
   -XGET "http://localhost:5601/api/saved_objects/_find?type=index-pattern"

Proxy example:

copy

curl \
   -H 'x-forwarded-for: <IP>' \
   -H 'x-proxy-user: <username>' \   
   -H 'x-proxy-roles: <roles>' \      
   -H 'Content-Type: application/json' \
   -H "kbn-xsrf: true" \
   -XGET "http://localhost:5601/api/saved_objects/_find?type=index-pattern"

Multi tenancy

If you are using Search Guard Multitenancy, you can also specify the tenant by adding the sgtenant HTTP header:

copy

curl \
   -u hr_employee:hr_employee \
   -H "sgtenant: management" \
   -H 'Content-Type: application/json' \
   -H "kbn-xsrf: true" \
   -XGET "http://localhost:5601/api/saved_objects/_find?type=index-pattern"