For many developers, Postman is used to testing REST interfaces. In my previous article “How to Install Elasticsearch on Linux, MacOS, and Windows”, I also showed you how to access our Elasticsearch using Postman. Very straightforward for Postman to access Elasticsearch. However, there is one situation that I did not show: how do we access our Elasticsearch cluster using username and password once a cluster is secured?

Use Postman to access the Elastic Stack

Set security for the Elasticsearch cluster

You can set your username and password as I did in my previous article “Elasticsearch: Setting Elastic Account Security”. Once the username and password are set up, we must use username and password to access Elasticsearch when using Postman or any other language API.

In today’s experiment, I’m going to use Elastic Cloud. If you haven’t used Elastic Cloud, please check out my previous post “Elastic: Deploying An Elastic Cluster on an Elastic Cloud in 3 Minutes.” By default, Elastic Cloud comes with security Settings.

 

Use Elasticsearch HTTP/REST client in conjunction with Shield

First, we can refer to the official Elastic documentation. As the documentation shows: Elasticsearch is used with the standard HTTP basic authentication header to identify the requester. Since Elasticsearch is stateless, this header must be sent with each request:

Authorization: Basic <TOKEN>
Copy the code

Here <TOKEN> is calculated as base64 (USERNAME:PASSWORD).

We are looking for an online tool to calculate Base64 at www.base64encode.org/. Let’s say our username is elastic and our password is 123456.

When we put Elastic :123456 in and click the ENCODE button, we can find the encoded Base64 code. This will be the string we put into the header when we make the following Postman request.

Access Elasticsearch using Postman

With the above method to get the base64 token, I can then configure it in Postman. We open up Postman:

As shown in the figure above, we fill in the access address of Elasticsearch and the corresponding Basic

in the Authorization section of the header. Once we’ve filled it in, we click the Send button. We can see the result returned below.

So what if we have a payload when we ask for it? We can write our payload to Postman’s body:

Once we have finished testing our API with Postman, we can request Elasticsearch in any language, even if we don’t have to worry about the interfaces provided by those languages.

 

Reference:

【 1 】 www.elastic.co/guide/en/sh…