https://community.splunk.com/t5/Security/401-Unauthorized-REST-API-using-GuzzleHttp/m-p/313349#M12816 <P>I found I was getting unauthorised using the 'admin' user but when I created my own with its own group giving it (admin, can_delete, power, splunk-system-role, user) privilages... I was able to get results using that... for example I created user bob then this worked.</P> <PRE><CODE>.\curl.exe -u bob:bob -k <A href="https://127.0.0.1:8089/servicesNS/nobody/search/saved/searches" target="test_blank">https://127.0.0.1:8089/servicesNS/nobody/search/saved/searches</A> </CODE></PRE> <P>,I found I was getting unauthorised using the 'admin' user but when I created my own with its own group giving it (admin, can_delete, power, splunk-system-role, user) privilages... I was able to get results using that... for example I created user bob then this worked.</P> <P>.\curl.exe -u bob:bob -k <A href="https://127.0.0.1:8089/servicesNS/nobody/search/saved/searches">https://127.0.0.1:8089/servicesNS/nobody/search/saved/searches</A></P> Thu, 21 Dec 2017 13:10:06 GMT yorkshireandrew 2017-12-21T13:10:06Z https://community.splunk.com/t5/Security/401-Unauthorized-REST-API-using-GuzzleHttp/m-p/313348#M12815 <P>I am using GuzzleHttp</P> <P>Login call " services/auth/login " works fine and I get the session token as well.</P> <P>but after this each call give me following error </P> <P><STRONG>Client error: <CODE>POST <A href="https://myip:8089/services/search/jobs" target="test_blank">https://myip:8089/services/search/jobs</A></CODE> resulted in a <CODE>401 Unauthorized</CODE> response: Unauthorized</STRONG></P> <P>here is my code:</P> <PRE><CODE>$host= "https://myip:8089/services/search/jobs"; $request = new \GuzzleHttp\Psr7\Request('POST', $host, [ 'headers' =&gt; ['Authorization' =&gt; 'Splunk xxxxxxxxxxxxxxxxxxxx', 'Content-Type' =&gt; 'application/x-www-form-urlencoded']]); $response = $client-&gt;send($request, [ 'verify' =&gt; false, 'form_params' =&gt; ["search" =&gt; 'search index="asm_live" sourcetype=syslog OR sourcetype=syslog_f5asm attack_type attack_type="*" ip_client="*" | stats count'] ]); </CODE></PRE> <P>I am running in circles and unable to figure out the problem.</P> Tue, 28 Nov 2017 12:03:58 GMT https://community.splunk.com/t5/Security/401-Unauthorized-REST-API-using-GuzzleHttp/m-p/313348#M12815 sandyapps 2017-11-28T12:03:58Z https://community.splunk.com/t5/Security/401-Unauthorized-REST-API-using-GuzzleHttp/m-p/313349#M12816 <P>I found I was getting unauthorised using the 'admin' user but when I created my own with its own group giving it (admin, can_delete, power, splunk-system-role, user) privilages... I was able to get results using that... for example I created user bob then this worked.</P> <PRE><CODE>.\curl.exe -u bob:bob -k <A href="https://127.0.0.1:8089/servicesNS/nobody/search/saved/searches" target="test_blank">https://127.0.0.1:8089/servicesNS/nobody/search/saved/searches</A> </CODE></PRE> <P>,I found I was getting unauthorised using the 'admin' user but when I created my own with its own group giving it (admin, can_delete, power, splunk-system-role, user) privilages... I was able to get results using that... for example I created user bob then this worked.</P> <P>.\curl.exe -u bob:bob -k <A href="https://127.0.0.1:8089/servicesNS/nobody/search/saved/searches">https://127.0.0.1:8089/servicesNS/nobody/search/saved/searches</A></P> Thu, 21 Dec 2017 13:10:06 GMT https://community.splunk.com/t5/Security/401-Unauthorized-REST-API-using-GuzzleHttp/m-p/313349#M12816 yorkshireandrew 2017-12-21T13:10:06Z https://community.splunk.com/t5/Security/401-Unauthorized-REST-API-using-GuzzleHttp/m-p/313350#M12817 <P>Thank you for your Answer.</P> <P>Actually I never found a solution for this, we had to use php SDK given by Splunk</P> <P>its works like a charm <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span> </P> Thu, 21 Dec 2017 13:17:50 GMT https://community.splunk.com/t5/Security/401-Unauthorized-REST-API-using-GuzzleHttp/m-p/313350#M12817 sandyapps 2017-12-21T13:17:50Z