2018-08-18 02:17:33 -04:00
[role="xpack"]
[[security-api-put-user]]
2018-08-23 21:04:02 -04:00
=== Create or update users API
2018-12-20 13:23:28 -05:00
++++
<titleabbrev>Create or update users</titleabbrev>
++++
2018-08-18 02:17:33 -04:00
2018-08-23 21:04:02 -04:00
Adds and updates users in the native realm. These users are commonly referred
2018-08-18 02:17:33 -04:00
to as _native users_.
2019-08-02 13:56:05 -04:00
[[security-api-put-user-request]]
==== {api-request-title}
2018-08-18 02:17:33 -04:00
2018-12-11 04:13:10 -05:00
`POST /_security/user/<username>` +
2018-08-18 02:17:33 -04:00
2018-12-11 04:13:10 -05:00
`PUT /_security/user/<username>`
2018-08-18 02:17:33 -04:00
2019-08-02 13:56:05 -04:00
[[security-api-put-user-prereqs]]
==== {api-prereq-title}
* To use this API, you must have at least the `manage_security` cluster privilege.
[[security-api-put-user-desc]]
==== {api-description-title}
2018-08-18 02:17:33 -04:00
When updating a user, you can update everything but its `username` and `password`.
To change a user's password, use the
<<security-api-change-password, change password API>>.
For more information about the native realm, see
{stack-ov}/realms.html[Realms] and <<configuring-native-realm>>.
2019-08-02 13:56:05 -04:00
[[security-api-put-user-path-params]]
==== {api-path-parms-title}
2018-08-18 02:17:33 -04:00
2019-08-02 13:56:05 -04:00
`username`::
(Required, string) An identifier for the user.
2018-08-18 02:17:33 -04:00
+
--
[[username-validation]]
NOTE: Usernames must be at least 1 and no more than 1024 characters. They can
contain alphanumeric characters (`a-z`, `A-Z`, `0-9`), spaces, punctuation, and
printable symbols in the https://en.wikipedia.org/wiki/Basic_Latin_(Unicode_block)[Basic Latin (ASCII) block]. Leading or trailing whitespace is not allowed.
--
2019-08-02 13:56:05 -04:00
[[security-api-put-user-query-params]]
==== {api-query-parms-title}
2018-11-19 21:03:22 -05:00
`refresh`::
(string) One of `true`, `false`, or `wait_for`.
These values have the same meaning as in the <<docs-refresh, Index API>>,
but the default value for this API (Put User) is `true`.
2018-08-18 02:17:33 -04:00
2019-08-02 13:56:05 -04:00
[[security-api-put-user-request-body]]
==== {api-request-body-title}
2018-08-18 02:17:33 -04:00
The following parameters can be specified in the body of a POST or PUT request:
`enabled`::
(boolean) Specifies whether the user is enabled. The default value is `true`.
`email`::
(string) The email of the user.
`full_name`::
(string) The full name of the user.
`metadata`::
(object) Arbitrary metadata that you want to associate with the user.
2019-08-02 13:56:05 -04:00
`password`::
2018-11-19 21:03:22 -05:00
(string) The user's password. Passwords must be at least 6 characters long.
+
When adding a user, one of `password` or `password_hash` is required.
When updating an existing user, the password is optional, so that other
fields on the user (such as their roles) may be updated without modifying
the user's password.
2019-08-02 13:56:05 -04:00
`password_hash`::
2018-11-19 21:03:22 -05:00
(string) A _hash_ of the user's password. This must be produced using the
same hashing algorithm as has been configured for password storage. For more
details, see the explanation of the
`xpack.security.authc.password_hashing.algorithm` setting in
<<hashing-settings>>.
+
Using this parameter allows the client to pre-hash the password for
performance and/or confidentiality reasons.
+
The `password` parameter and the `password_hash` parameter cannot be
used in the same request.
2018-08-18 02:17:33 -04:00
2019-08-02 13:56:05 -04:00
`roles`::
(Required, list) A set of roles the user has. The roles determine the user's
access permissions. To create a user without any roles, specify an empty list:
`[]`.
2018-08-18 02:17:33 -04:00
2019-08-02 13:56:05 -04:00
[[security-api-put-user-example]]
==== {api-examples-title}
2018-08-18 02:17:33 -04:00
The following example creates a user `jacknich`:
2019-09-05 14:12:39 -04:00
[source,console]
2018-08-18 02:17:33 -04:00
--------------------------------------------------
2018-12-11 04:13:10 -05:00
POST /_security/user/jacknich
2018-08-18 02:17:33 -04:00
{
"password" : "j@rV1s",
"roles" : [ "admin", "other_role1" ],
"full_name" : "Jack Nicholson",
"email" : "jacknich@example.com",
"metadata" : {
"intelligence" : 7
}
}
--------------------------------------------------
A successful call returns a JSON structure that shows whether the user has been
created or updated.
2019-09-05 14:12:39 -04:00
[source,console-result]
2018-08-18 02:17:33 -04:00
--------------------------------------------------
{
2018-09-05 12:56:30 -04:00
"created": true <1>
2018-08-18 02:17:33 -04:00
}
--------------------------------------------------
2019-09-06 09:22:08 -04:00
2018-08-18 02:17:33 -04:00
<1> When an existing user is updated, `created` is set to false.
After you add a user, requests from that user can be authenticated. For example:
[source,shell]
--------------------------------------------------
curl -u jacknich:j@rV1s http://localhost:9200/_cluster/health
--------------------------------------------------
// NOTCONSOLE