A newer version of this documentation is available.

Security API

reference

March 23, 2025

+ 12

The REST API supports all aspects of Couchbase-Server security

APIs in this Section

The Security REST API provides the endpoints for general security, for authentication, and for authorization. For a list of the endpoints, see the tables below.

General Security

HTTP Method URI Documented at

HTTP Method	URI	Documented at
`GET`	`./whoami`	Who Am I?
`GET`	`/settings/audit`	Configure Auditing
`POST`	`/settings/audit`	Configure Auditing
`GET`	`/settings/audit/descriptors`	Configure Auditing
`GET`	`/settings/security`	Restrict Node-Addition
`POST`	`/settings/security`	Restrict Node-Addition
`POST`	`/clusterInit`	Initialize a Cluster
`GET`	`/settings/security/[service-name]`	Configure On-the-Wire Security
`POST`	`/settings/security/[service-name]`	Configure On-the-Wire Security
`GET`	`/settings/security/responseHeaders`	Configure HSTS
`POST`	`/settings/security/responseHeaders`	Configure HSTS
`DELETE`	`/settings/security/responseHeaders`	Configure HSTS
`POST`	`/node/controller/changeMasterPassword`	Secret-Management API
`POST`	`/node/controller/rotateDataKey`	Secret-Management API

GET

./whoami

Who Am I?

GET

/settings/audit

Configure Auditing

POST

/settings/audit

Configure Auditing

GET

/settings/audit/descriptors

Configure Auditing

GET

/settings/security

Restrict Node-Addition

POST

/settings/security

Restrict Node-Addition

POST

/clusterInit

Initialize a Cluster

GET

/settings/security/[service-name]

Configure On-the-Wire Security

POST

/settings/security/[service-name]

Configure On-the-Wire Security

GET

/settings/security/responseHeaders

Configure HSTS

POST

/settings/security/responseHeaders

Configure HSTS

DELETE

/settings/security/responseHeaders

Configure HSTS

POST

/node/controller/changeMasterPassword

Secret-Management API

POST

/node/controller/rotateDataKey

Secret-Management API

Authentication

HTTP Method URI Documented at

HTTP Method	URI	Documented at
`GET`	`/settings/ldap`	Configure LDAP
`POST`	`/settings/ldap`	Configure LDAP
`GET`	`/settings/saslauthdAuth`	Configure saslauthd
`POST`	`/settings/saslauthdAuth`	Configure saslauthd
`GET`	`/settings/passwordPolicy`	Set Password Policy
`POST`	`/settings/passwordPolicy`	Set Password Policy
`POST`	`/controller/changePassword`	Change Password
`POST`	`/node/controller/loadTrustedCAs`	Load Root Certificates
`GET`	`/node/controller/loadTrustedCAs`	Get Root Certificates
`DELETE`	`/pools/default/trustedCAs/<id>`	Delete Root Certificates
`GET`	`/pools/default/certificates`	Retrieve All Node Certificates
`POST`	`/node/controller/reloadCertificate`	Upload and Retrieve Node Certificates
`GET`	`/pools/default/certificate/node/<ip-address-or-domain-name>`	Upload and Retrieve Node Certificates
`POST`	`/controller/regenerateCertificate`	Regenerate All Certificates

GET

/settings/ldap

Configure LDAP

POST

/settings/ldap

Configure LDAP

GET

/settings/saslauthdAuth

Configure saslauthd

POST

/settings/saslauthdAuth

Configure saslauthd

GET

/settings/passwordPolicy

Set Password Policy

POST

/settings/passwordPolicy

Set Password Policy

POST

/controller/changePassword

Change Password

POST

/node/controller/loadTrustedCAs

Load Root Certificates

GET

/node/controller/loadTrustedCAs

Get Root Certificates

DELETE

/pools/default/trustedCAs/<id>

Delete Root Certificates

GET

/pools/default/certificates

Retrieve All Node Certificates

POST

/node/controller/reloadCertificate

Upload and Retrieve Node Certificates

GET

/pools/default/certificate/node/<ip-address-or-domain-name>

Upload and Retrieve Node Certificates

POST

/controller/regenerateCertificate

Regenerate All Certificates

Authorization

HTTP Method URI Documented at

HTTP Method	URI	Documented at
`GET`	`/settings/rbac/roles`	List Roles
`GET`	`/settings/rbac/users`	List Current Users and Their Roles
`POST`	`/pools/default/checkPermissions`	Check Permissions
`GET`	`/settings/rbac/groups`	List Currently Defined Groups
`PUT`	`/settings/rbac/users/local/<new-username>`	Create a Local User
`PATCH`	`/settings/rbac/users/local/<existing-username>`	Create a Local User
`PUT`	`/settings/rbac/users/local/<new-username>`	Create an External User
`PUT`	`/settings/rbac/groups/<new-groupname>`	Create a Group
`DELETE`	`/settings/rbac/users/local/<local-username>`	Delete Users and Groups
`DELETE`	`/settings/rbac/users/external/<external-username>`	Delete Users and Groups
`DELETE`	`/settings/rbac/groups/<groupname>`	Delete Users and Groups

GET

/settings/rbac/roles

List Roles

GET

/settings/rbac/users

List Current Users and Their Roles

POST

/pools/default/checkPermissions

Check Permissions

GET

/settings/rbac/groups

List Currently Defined Groups