Kibana API Tokens #5267
Labels
enhancement
New value added to drive a business result
Team:Core
Core services & architecture: plugins, logging, config, saved objects, http, ES client, i18n, etc
Now that we're adding REST API endpoints to the Kibana server (see #5199), we need a way to secure them. We need to prevent CSRF, but we can't just generate CSRF tokens per page load because a user might be hitting these endpoints from a client we don't control (e.g. configuration management system automatically bootstrapping a Kibana instance). As a result we'll need to implement an API token system that gives these users access to the API in a secure manner.
Some discussion points:
The text was updated successfully, but these errors were encountered: