• Overview
  • Overview
  • Splunk Architecture
• REST API
  • Splunk's REST API
    • Using REST Methods
    • Splunk REST endpoint mappings
    • HTTP ports Splunk uses
    • What you need to know about searching with Splunk
    • Other important topics
  • Authentication methods
    • HTTP Header
    • HTTP digest
    • Old school
  • Login
    • /services/auth/login
  • Legacy methods
    • /services/invokeapi/legacy_method_name
  • Properties
    • /services/properties
    • /services/properties/file_name
    • /services/properties/file_name/stanza_name
    • /services/properties/file_name/stanza_name/key_name
  • Search
    • /services/search/jobs
    • /services/search/jobs/search_id
    • /services/search/jobs/search_id/events
    • /services/search/jobs/search_id/results
    • /services/search/jobs/search_id/timeline
    • /services/search/jobs/search_id/summary
    • /services/search/jobs/search_id/control
  • Streaming
    • /services/streams/search
    • /services/streams/livetail
• Configuration files
  • How do configuration files work?
    • Configuration file directory structure
    • Configuration file precedence
  • Create Regular Expressions
    • Filename
    • Format
    • Attributes
    • Splunk Reserved Keys
    • Examples
  • Add & Override Properties
    • Filename
    • Format
    • Spec
    • Attributes
    • Linemerging
    • Timestamp extraction configuration
    • Typing configuration
    • Class configuration
    • Source Type configuration
    • Examples
  • Add Input Configurations
    • Filename
    • Format
    • Input Types
    • Attributes
    • Additional Attributes
    • Examples
  • Recognize Source Types
    • Filename
    • Format
    • Examples
• Splunk Web appearance
  • How Splunk Uses Skins
    • Skins css Files
    • Images/skins directory
  • Add or remove themes
    • Create a new skin
    • Examples

Authentication methods

There are 3 methods of authenticating with the splunkd HTTP server.

Authentication is the process of validating the identity of the requesting client. Authorization can only occur after authentication, and refers to the process of granting permission to the requesting client for performing a certain action. (Unfortunately, the HTTP standard named its authentication header incorrectly.)

All requests return an HTTP 401 code if the credentials are invalid. An HTTP 403 is returned if the credentials are valid but the request was denied because of insufficient privileges.

HTTP Header

splunkd supports token-based authentication via the standard HTTP Authorization header. This is the recommended method for most programmatic accesses against the API.

1. Obtain a session key via the /services/auth/login endpoint, for example 71e2f3553ba1dd279e36a6920a1e7840
2. Insert the session key into the Authorization header of every subsequent request, as follows:

Authorization: Splunk 71e2f3553ba1dd279e36a6920a1e7840

HTTP digest

splunkd supports HTTP digest authentication, as defined by RFC 2617. This is the method that is invoked when you browse the HTTP server from a web browser. Most modern HTTP clients support digest authentication natively.

Old school

This is the older style of authentication used by Splunk versions 1.0 through 3.1. This method is only used for legacy applications, or instances where LDAP is the primary means of authentication.

1. Obtain the authStr generated by the older userLogin invokeAPI call. The string is an XML fragment that contains three key nodes: userId, username, and authToken.
2. Append those three values to the final request URI. For example, if you are requesting

https://localhost:8089/services/search/jobs

then the final URI would be:

https://localhost:8089/services/search/jobs?userId=1&username=admin&authToken=135932556