From 4d0b10f741b8be65be52e9bf0d31943fedcc91eb Mon Sep 17 00:00:00 2001
From: Rob Waight <43173714+rwaight@users.noreply.github.com>
Date: Tue, 8 Sep 2020 16:44:25 -0500
Subject: [PATCH] Update api-keys.asciidoc - API key prerequisites (#21026)

* Update api-keys.asciidoc - API key prerequisites

Add references to required privileges within the API key examples

* Update libbeat/docs/security/api-keys.asciidoc

Co-authored-by: DeDe Morton <dede.morton@elastic.co>

Co-authored-by: DeDe Morton <dede.morton@elastic.co>
---
 libbeat/docs/security/api-keys.asciidoc | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/libbeat/docs/security/api-keys.asciidoc b/libbeat/docs/security/api-keys.asciidoc
index 403fd011122..aa397ff5fee 100644
--- a/libbeat/docs/security/api-keys.asciidoc
+++ b/libbeat/docs/security/api-keys.asciidoc
@@ -14,6 +14,8 @@ API key. For different clusters, you need to use an API key per cluster.
 NOTE: For security reasons, we recommend using a unique API key per {beatname_uc} instance.
 You can create as many API keys per user as necessary.
 
+IMPORTANT: Review <<feature-roles>> before creating API keys for {beatname_uc}.
+
 [float]
 [[beats-api-key-publish]]
 === Create an API key for publishing
@@ -41,6 +43,8 @@ POST /_security/api_key
 <1> Name of the API key
 <2> Granted privileges, see <<feature-roles>>
 
+NOTE: See <<privileges-to-publish-events>> for the list of privileges required to publish events.
+
 The return value will look something like this:
 
 [source,console-result,subs="attributes,callouts"]
@@ -89,6 +93,8 @@ POST /_security/api_key
 <1> Name of the API key
 <2> Granted privileges, see <<feature-roles>>
 
+NOTE: See <<privileges-to-publish-monitoring>> for the list of privileges required to send monitoring data.
+
 The return value will look something like this:
 
 [source,console-result,subs="attributes,callouts"]