[[security-api-authenticate]]
=== Authenticate API

The Authenticate API enables you to submit a request with a basic auth header to
authenticate a user and retrieve information about the authenticated user.
Returns a 401 status code if the user cannot be authenticated.

To authenticate a user, submit a GET request to the `_xpack/security/_authenticate` endpoint:

[source,js]
--------------------------------------------------
GET _xpack/security/_authenticate
--------------------------------------------------
// CONSOLE

A successful call returns a JSON structure that shows what roles are assigned
to the user.

[source,js]
--------------------------------------------------
{
  "username": "rdeniro",
  "roles": [
    "admin",
    "kibana4"
  ]
}
--------------------------------------------------