maxmustermann/kibana
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
kibana/docs/api/using-api.asciidoc
Kaarina Tungseth 0b675b8908
[DOCS] Fixes to API docs (#71678) 
* [DOCS] Fixes to API docs

* Fixes rogue -u
2020-07-14 14:59:21 -05:00

72 lines
2.5 KiB
Plaintext
Raw Blame History

[[using-api]]
== Using the APIs
Interact with the {kib} APIs through the `curl` command and HTTP and HTTPs protocols.
It is recommended that you use HTTPs on port 5601 because it is more secure.
NOTE: The {kib} Console supports only Elasticsearch APIs. You are unable to interact with the {kib} APIs with the Console and must use `curl` or another HTTP tool instead. For more information, refer to <<console-kibana,Console>>.
[float]
[[api-authentication]]
=== Authentication
{kib} supports token-based authentication with the same username and password that you use to log into the {kib} Console. In a given HTTP tool, and when available, you can select to use its 'Basic Authentication' option, which is where the username and password are stored in order to be passed as part of the call.
[float]
[[api-calls]]
=== API calls
API calls are stateless. Each request that you make happens in isolation from other calls and must include all of the necessary information for {kib} to fulfill the request. API requests return JSON output, which is a format that is machine-readable and works well for automation.
Calls to the API endpoints require different operations. To interact with the {kib} APIs, use the following operations:
* *GET* - Fetches the information.
* *POST* - Adds new information.
* *PUT* - Updates the existing information.
* *DELETE* - Removes the information.
For example, the following `curl` command exports a dashboard:
[source,sh]
--
curl -X POST api/kibana/dashboards/export?dashboard=942dcef0-b2cd-11e8-ad8e-85441f0c2e5c
--
// KIBANA
[float]
[[api-request-headers]]
=== Request headers
For all APIs, you must use a request header. The {kib} APIs support the `kbn-xsrf` and `Content-Type` headers.
`kbn-xsrf: true`::
By default, you must use `kbn-xsrf` for all API calls, except in the following scenarios:
* The API endpoint uses the `GET` or `HEAD` operations
* The path is whitelisted using the <<settings, `server.xsrf.whitelist`>> setting
* XSRF protections are disabled using the `server.xsrf.disableProtection` setting
`Content-Type: application/json`::
Applicable only when you send a payload in the API request. {kib} API requests and responses use JSON. Typically, if you include the `kbn-xsrf` header, you must also include the `Content-Type` header.
Request header example:
[source,sh]
--
curl -X POST \
http://localhost:5601/api/spaces/space \
-H 'Content-Type: application/json' \
-H 'kbn-xsrf: true' \
-d '{
"id": "sales",
"name": "Sales",
"description": "This is your Sales Space!",
"disabledFeatures": []
}
'
--
Reference in a new issue View git blame Copy permalink