Change Default API Username

Sumit Kumawat

unread,

Feb 28, 2025, 4:03:22 AM2/28/25

to Wazuh | Mailing List

Dear Team,

I need to update the default API username while keeping the existing settings unchanged. Kindly guide me on the steps or necessary modifications.

Looking forward to your support.

Screenshot 2025-02-28 135602.png

Othniel Ebolum

unread,

Feb 28, 2025, 5:13:38 AM2/28/25

to Wazuh | Mailing List

Hello Sumit,

To update the default API username in Wazuh while keeping the existing settings unchanged, you’ll need to modify the Wazuh manager API user configuration. The Wazuh API uses a default administrative user, wazuh, and another user, wazuh-wui, to communicate with the Wazuh dashboard.

The process involves

creating a new user with the desired username,
assigning it the appropriate permissions,
updating the relevant configuration files

Ensure you have administrative access to the Wazuh manager server. You’ll need the current API credentials (default: wazuh:wazuh unless previously changed, or you can also check /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml scroll to the bottom and you will see the credentials ) to authenticate API requests. You should also back up the dashboard config file or take a snapshot to prevent accidental loss.

The steps that can be followed, please crosscheck them and make changes were necessary before adopting.

1. Authenticate to the Wazuh API

TOKEN=$(curl -u wazuh:wazuh -k -X GET "https://localhost:55000/security/user/authenticate?raw=true")

Replace wazuh:wazuh with your current username and password if they’ve been changed.

You can confirm the token was generated with

echo $TOKEN

2. Create a New API User

Instead of directly modifying the default wazuh username, it’s safer to create a new user with your desired username and assign it administrative privileges.

curl -k -X POST "https://localhost:55000/security/users" \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{"username": "newapiuser", "password": "YourStrongPassword123!"}'

Of course change the newapiuser and the password to your desired input.

3. Assign an Administrative Role to the New User

First, retrieve the list of users to find the ID of newapiuser:

curl -k -X GET "https://localhost:55000/security/users?pretty=true" \
-H "Authorization: Bearer $TOKEN"

Look for the id that corresponds with the new user. mine was 3 when i testing out, so replace it in the next steps to whatever yours will be.

Map the administrator role (default role ID 1) to this user:

curl -k -X POST "https://localhost:55000/security/users/3/roles?role_ids=1" \
-H "Authorization: Bearer $TOKEN"

Remember to replace 3 with the actual user ID of newapiuser.

you should get an wrapped output of something like this

{
"data": {
"affected_items": [
{
"id": 3,
"username": "newapiuser",
"allow_run_as": false,
"roles": [1]
}
],
"total_affected_items": 1,
"total_failed_items": 0,
"failed_items": []
},
"message": "All roles were linked to user newapiuser",
"error": 0
}

which means it was successful.

4. Update the Wazuh Dashboard Configuration

you may need to update configurations where it’s referenced. Check the dashboard configuration file /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml:

update the username to newapiuser and the password.

5. Test the New User

Verify that the new user works by authenticating with it:

TOKEN=$(curl -u newapiuser:YourStrongPassword123! -k -X GET "https://localhost:55000/security/user/authenticate?raw=true")

Change to yours and confirm with echo $TOKEN.

Then, test an API call, like listing users:

curl -k -X GET "https://localhost:55000/security/users?pretty=true" \
-H "Authorization: Bearer $TOKEN"

If successful, the new user is functional.

6. Restart Services

Restart the Wazuh manager and dashboard services to apply changes:

sudo systemctl restart wazuh-manager
sudo systemctl restart wazuh-dashboard

you can confirm on the dashboard after restart