api-authz
Installation
SKILL.md
API Authorization
All API routes in Kibana must have authorization checks. Authorization is not optional, even for
internalroutes.
Route Security Configuration
Routes declare authorization via the security option in KibanaRouteOptions:
router.get({
path: '/api/path',
security: {
authz: {
requiredPrivileges: ['<privilege_1>', '<privilege_2>'],
},
},
...
}, handler);