Version: 6.x-22
Community

Using the Kibana API

Kibana offers an API for saved objects like index patterns, dashboards and visualizations. In order to use this API in conjunction with Search Guard you need to add user credentials as HTTP headers to these calls as well. What kind of HTTP header is required depends on the configured Search Guard authentication type.

HTTP Basic example:

copy

curl \
   -u hr_employee:hr_employee  \
   -H 'Content-Type: application/json' \
   -H "kbn-xsrf: true" \
   -XGET "http://localhost:5601/api/saved_objects/_find?type=index-pattern"

JWT example:

copy

curl \
   -H 'Authorization: Bearer <token>' \
   -H 'Content-Type: application/json' \
   -H "kbn-xsrf: true" \
   -XGET "http://localhost:5601/api/saved_objects/_find?type=index-pattern"

Proxy example:

copy

curl \
   -H 'x-forwarded-for: <IP>' \
   -H 'x-proxy-user: <username>' \   
   -H 'x-proxy-roles: <roles>' \      
   -H 'Content-Type: application/json' \
   -H "kbn-xsrf: true" \
   -XGET "http://localhost:5601/api/saved_objects/_find?type=index-pattern"

Multi tenancy

If you are using Search Guard Multitenancy, you can also specify the tenant by adding the sg_tenant HTTP header:

copy

curl \
   -u hr_employee:hr_employee \
   -H "sg_tenant: management" \
   -H 'Content-Type: application/json' \
   -H "kbn-xsrf: true" \
   -XGET "http://localhost:5601/api/saved_objects/_find?type=index-pattern"