NOTE: The {kib} Console supports only Elasticsearch APIs. You are unable to interact with the {kib} APIs with the Console and must use `curl` or another HTTP tool instead. For more information, refer to <<console-kibana,Console>>.
To use key-based authentication, you create an API key using the Elastic Console, then specify the key in the header of your API calls.
For information about API keys, refer to <<api-keys,API keys>>.
[float]
[[api-calls]]
=== API calls
API calls are stateless. Each request that you make happens in isolation from other calls and must include all of the necessary information for {kib} to fulfill the request. API requests return JSON output, which is a format that is machine-readable and works well for automation.
Calls to the API endpoints require different operations. To interact with the {kib} APIs, use the following operations:
* *GET* - Fetches the information.
* *POST* - Adds new information.
* *PUT* - Updates the existing information.
* *DELETE* - Removes the information.
[float]
[[api-request-headers]]
=== Request headers
For all APIs, you must use a request header. The {kib} APIs support the `kbn-xsrf` and `Content-Type` headers.
`kbn-xsrf: true`::
By default, you must use `kbn-xsrf` for all API calls, except in the following scenarios:
* The API endpoint uses the `GET` or `HEAD` operations
* The path is allowed using the <<settings-xsrf-allowlist, `server.xsrf.allowlist`>> setting
* XSRF protections are disabled using the <<settings-xsrf-disableProtection, `server.xsrf.disableProtection`>> setting