Sematext Logs Elasticsearch API Extra Security | July 2018
The Sematext API for log ingestion and log search has always been compatible with the Elasticsearch API. On top of that, the Sematext API has always had additional security in place, for example:
- HTTPS encryption on all Sematext data receivers
- The API uses the App token as the index name, with the ability to generate multiple read-only or write-only tokens in the App settings. For example, somebody who sets up a log shipper needs only the write-only token and doesn’t need to know the read-capable token, which is needed only if you want to query logs via the API.
To further secure access to our customers’ data, we now require not just the App token but also the API key for log searches via the API. Note that you do not have to change anything in your log shipping.
This change affects only access via read APIs, not write APIs. You can get your API key from https://apps.sematext.com/ui/account/api and, as you can see there, it can be regenerated at any time should it ever get compromised.
The following example shows a search request with curl using the new authentication header:
curl 'https://logsene-search.sematext.com:443/<APP TOKEN HERE>/_search?size=0&pretty' -H 'Authorization: apiKey <API KEY HERE>'
The API also supports HTTP Basic Authentication, so third-party tools built on Elasticsearch client libraries that use Basic Authentication can authenticate as well. The username is the literal string “apiKey”, and the password is the actual API key. Here is another example using curl with Basic Authentication:
curl -v -u 'apiKey:<API KEY HERE>' 'https://logsene-search.sematext.com/<APP TOKEN HERE>/_search?size=0&pretty'
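Both curl calls above put the API key on the command line, where it ends up in shell history and is visible in the process list. The following sketch is an added example, not Sematext's own code: it feeds either authentication form to curl through a config read from stdin. The environment variable names and the function names are hypothetical, and it assumes App tokens and API keys contain only letters, digits and hyphens.

```bash
# Added example. Hypothetical names: SEMATEXT_APP_TOKEN, SEMATEXT_API_KEY,
# logs_search_config, logs_search. The host is the one used on this page.
SEARCH_HOST='https://logsene-search.sematext.com'

# Print a curl config for `curl --config -`. $1 is "header" (default) or "basic".
# printf and echo are shell builtins, so the key never appears in a process argv.
logs_search_config() {
  if [ -z "${SEMATEXT_APP_TOKEN:-}" ] || [ -z "${SEMATEXT_API_KEY:-}" ]; then
    echo 'SEMATEXT_APP_TOKEN and SEMATEXT_API_KEY must be set' >&2; return 1
  fi
  # Assumption: UUID-style values. Anything else (quotes, newlines) could
  # smuggle extra options into the curl config, so refuse it.
  case "$SEMATEXT_APP_TOKEN$SEMATEXT_API_KEY" in
    *[!A-Za-z0-9-]*) echo 'unexpected character in token or key' >&2; return 1 ;;
  esac
  case "${1:-header}" in
    header) auth_line="header = \"Authorization: apiKey $SEMATEXT_API_KEY\"" ;;
    basic)  auth_line="user = \"apiKey:$SEMATEXT_API_KEY\"" ;;
    *)      echo "unknown scheme: $1" >&2; return 1 ;;
  esac
  printf 'url = "%s/%s/_search?size=0&pretty"\n' "$SEARCH_HOST" "$SEMATEXT_APP_TOKEN"
  printf 'proto = "=https"\n'   # never send the credentials over plain HTTP
  printf '%s\n' "$auth_line"
}

# Run the search: logs_search header   or   logs_search basic
logs_search() {
  cfg=$(logs_search_config "${1:-header}") || return 1
  printf '%s\n' "$cfg" | curl --silent --show-error --config -
}
```

Set the two variables from a secrets store or a prompt such as `read -rs` rather than typing the values into the shell, so they stay out of history as well.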