Activate user profile APIedit

The user profile feature is designed only for use by Kibana and Elastic’s Observability, Enterprise Search, and Elastic Security solutions. Individual users and external applications should not call this API directly. Elastic reserves the right to change or remove this feature in future releases without prior notice.

Creates or updates a user profile on behalf of another user.

Requestedit

POST /_security/profile/_activate

Prerequisitesedit

  • To use this API, you must have the manage_user_profile cluster privilege.

Descriptionedit

The activate user profile API creates or updates a profile document for end users with information that is extracted from the user’s authentication object, including username, full_name, roles, and the authentication realm.

When updating a profile document, the API enables the document if it was disabled. Any updates do not change existing content for either the labels or data fields.

This API is intended only for use by applications (such as Kibana) that need to create or update profiles for end users.

The calling application must have either an access_token, or a combination of username and password for the user that the profile document is intended for.

Request bodyedit

access_token
(Required*, string) The user’s access token. If you specify the access_token grant type, this parameter is required. It is not valid with other grant types.
grant_type

(Required, string) The type of grant.

Valid values for grant_type
access_token
(Required*, string) In this type of grant, you must supply an access token that was created by the Elasticsearch token service. For more information, see Get token and Token service settings.
password
(Required*, string) In this type of grant, you must supply the username and password for the user that you want to create the API key for.
password
(Optional*, string) The user’s password. If you specify the password grant type, this parameter is required. It is not valid with other grant types.
username
(Optional*, string) The username that identifies the user. If you specify the password grant type, this parameter is required. It is not valid with other grant types.

*Indicates that the setting is required in some, but not all situations.

Response bodyedit

A successful activate user profile API call returns a JSON structure that contains the profile unique ID, user information, timestamp for the operation and version control numbers.

Examplesedit

POST /_security/profile/_activate
{
  "grant_type": "password",
  "username" : "jacknich",
  "password" : "l0ng-r4nd0m-p@ssw0rd"
}

The API returns the following response:

{
  "uid": "u_79HkWkwmnBH5gqFKwoxggWPjEBOur1zLPXQPEl1VBW0_0",
  "enabled": true,
  "last_synchronized": 1642650651037,
  "user": {
    "username": "jacknich",
    "roles": [
      "admin", "other_role1"
    ],
    "realm_name": "native",
    "full_name": "Jack Nicholson",
    "email": "jacknich@example.com"
  },
  "labels": {},
  "data": {},
  "_doc": {
    "_primary_term": 88,
    "_seq_no": 66
  }
}