• Overview
  • Introduction and overview
    • Components
    • Appearance
    • REST API
    • Applications
    • Help
• Architecture
  • Components
    • Processes
    • Configuration files
• Splunk Web appearance
  • How Splunk Uses Skins
    • Skins css Files
    • Images/skins directory
  • Add or remove themes
    • Create a new skin
    • Example
  • Dashboard customization
    • Configuration
    • List modules
    • Add search modules
    • Add html modules
    • Link dashboard to user
• REST API
  • Splunk's REST API
    • Using REST Methods
    • Splunk REST endpoint mappings
    • HTTP ports Splunk uses
    • Examples
  • Get started
    • Send a request
    • Get a response
  • Output formats via XML
    • Example Generic Response
    • Example Generic Response with Messaging
    • Generic Response with Messaging (via error codes)
    • Example Atom Feed Response
    • Example Atom Feed with Messaging
    • Example Atom Entry Response
  • SDKs
    • Python SDK
  • Create a custom endpoint
    • Make a custom application directory
    • Write a handler script
    • Configure restmap.conf
    • Restrict endpoint access
    • Add supporting configuration files
• Auth
  • Authentication Methods
    • HTTP header auth
    • HTTP digest
    • URL Parameters
  • Authentication Endpoint
    • Login
  • Authentication examples
    • Command Line
    • Python SDK
    • Other Python example
• Properties
  • Properties Endpoint
    • Properties
    • $FILE_NAME
    • $STANZA_NAME
    • $KEY_NAME
    • PropertiesNS
  • Configuration file access with Python
    • Configuration
    • Example
• Search
  • Search Overview
    • Handling Search Results
    • Result Formats
  • Search Endpoint
    • Jobs
    • Search ID
    • Events
    • Results
    • Timeline
    • Summary
    • Control
  • Search with the Python SDK
    • Create a search
    • Work with search results
    • Examples
  • Custom search scripts
    • Configuration files
    • Working with results
    • Authenticate
    • Example
• Saved
  • Saved Endpoint
    • Searches
    • $SAVED_SEARCH_NAME
• Streams
  • Streams Endpoint
    • Search
    • Livetail
• Applications
  • Developer applications overview
  • Applications Endpoint
    • Local
    • $APP_NAME
    • Remote Entries
    • Remote $APP_NAME
    • Category Path
    • Remote Login
• SplunkBase
  • SplunkBase API
    • Apps
    • Types
    • Category Path
    • Entries
    • App Name
• Legacy
  • Legacy methods
    • $LEGACY_METHOD_NAME

Authentication Methods

Authentication refers to the process of validating the identity of the requesting client. Authorization can only occur after authentication, and refers to the process of granting permission to the requesting client for performing a certain action. Unfortunately, the HTTP standard named its authentication header incorrectly. It's confusing.

The splunkd HTTPS server supports the following authentication methods:

• HTTP header auth
• HTTP digest auth
• URL parameters

All requests return an HTTP 401 code if the credentials are invalid. An HTTP 403 is returned if the credentials are valid but the request was denied because of insufficient privileges.

HTTP header auth

Splunkd supports token-based authentication via the standard HTTP authentication headers.

• Obtain a session key via the /services/auth/login endpoint, for example 71e2f3553ba1dd279e36a6920a1e7840.
• Insert the session key into the auth header of every subsequent request, as follows:

Authorization: Splunk 71e2f3553ba1dd279e36a6920a1e7840

HTTP digest

Splunkd supports HTTP digest authentication, as defined by RFC 2617. This is the method that is invoked when you browse the HTTP server from a web browser. Most modern HTTP clients support digest authentication natively. You can't use HTTP Digest on non-Splunk users. For example, if you are using LDAP for auth in Splunk, those users won't be able to be authenticated with the HTTP Digest methods.

Use this method by to authenticate via a URL:

http://admin:changeme@localhost:8089/

Your favorite programming language's web library will have different ways of handling this. Examples in this manual use Python.

URL Parameters

URL parameters refers to the older style of authentication used by Splunk versions 1.0 through 3.1. This method is only available for legacy applications, or instances where LDAP is the primary means of authentication.

• Obtain the authStr generated by the older userLogin invokeAPI call. The string is an XML fragment that contains 3 key nodes: userId, username, and authToken.
• Append those 3 values to the final request URI.

For example:

https://localhost:8089/services/search/jobs

Ends up as:

https://localhost:8089/services/search/jobs?userId=1&username=admin&authToken=135932556