https://community.splunk.com/t5/Getting-Data-In/For-Splunk-API-requests-are-authentication-tokens-needed/m-p/647759#M110146 <P>Hi</P><P>1st request can use any user which have access for REST queries.</P><P>One note: when you are writing "-u &lt;user:pass&gt;" on command line anyone on that node can see it on process list and from your history if they have enough power for that! For that reason it's better to put those to variable and then use it on cmd. You can do it like this on *nix command line.</P><LI-CODE lang="markup">read VarUserPass admin:changeme ^D curl -k -u $VarUserPass https://localhost:8089/servicesNS/admin/-/alerts/alert_actions</LI-CODE><P>&nbsp;</P><P>2nd one can use any users (including admins) which have valid authentication token assigned to them.</P><P>r. Ismo</P> Wed, 21 Jun 2023 11:05:20 GMT isoutamo 2023-06-21T11:05:20Z https://community.splunk.com/t5/Getting-Data-In/For-Splunk-API-requests-are-authentication-tokens-needed/m-p/647736#M110143 <P>Hello</P> <P>I was reading about making requests to the Splunk API. When I was reading this link below and when making a request the username (admin) and password (pass) need to be included in the request which is seen below:</P> <PRE>curl -k -u admin:pass https://localhost:8089/servicesNS/admin/-/alerts/alert_actions</PRE> <P><A href="https://docs.splunk.com/Documentation/SplunkCloud/9.0.2303/RESTREF/RESTsearch#search.2Fjobs" target="_blank" rel="noopener">https://docs.splunk.com/Documentation/SplunkCloud/9.0.2303/RESTREF/RESTsearch#search.2Fjobs</A></P> <P>However there was another link mentioning that authentication tokens are needed to make API requests.</P> <PRE>curl -H "Authorization: &lt;type&gt; &lt;token&gt;" -X &lt;method&gt; https://&lt;instance host name or IP address&gt;:&lt;management port&gt;/&lt;REST endpoint&gt; -d &lt;data...&gt; [-d &lt;data...&gt;...]</PRE> <P><A href="https://docs.splunk.com/Documentation/SplunkCloud/9.0.2209/Security/UseAuthTokens" target="_blank" rel="noopener">https://docs.splunk.com/Documentation/SplunkCloud/9.0.2209/Security/UseAuthTokens</A></P> <P>Is the first API request can only be used by admins and is the second request only given to users granted access by admins where they are given authentication tokens?</P> Thu, 22 Jun 2023 17:28:52 GMT https://community.splunk.com/t5/Getting-Data-In/For-Splunk-API-requests-are-authentication-tokens-needed/m-p/647736#M110143 asmyth1995 2023-06-22T17:28:52Z https://community.splunk.com/t5/Getting-Data-In/For-Splunk-API-requests-are-authentication-tokens-needed/m-p/647759#M110146 <P>Hi</P><P>1st request can use any user which have access for REST queries.</P><P>One note: when you are writing "-u &lt;user:pass&gt;" on command line anyone on that node can see it on process list and from your history if they have enough power for that! For that reason it's better to put those to variable and then use it on cmd. You can do it like this on *nix command line.</P><LI-CODE lang="markup">read VarUserPass admin:changeme ^D curl -k -u $VarUserPass https://localhost:8089/servicesNS/admin/-/alerts/alert_actions</LI-CODE><P>&nbsp;</P><P>2nd one can use any users (including admins) which have valid authentication token assigned to them.</P><P>r. Ismo</P> Wed, 21 Jun 2023 11:05:20 GMT https://community.splunk.com/t5/Getting-Data-In/For-Splunk-API-requests-are-authentication-tokens-needed/m-p/647759#M110146 isoutamo 2023-06-21T11:05:20Z https://community.splunk.com/t5/Getting-Data-In/For-Splunk-API-requests-are-authentication-tokens-needed/m-p/647764#M110147 <P>Thank you very much for answering that. I was also checking the status codes for the REST API and it doesn't include a 429 status code. Does the GET requests to the saved/search query have any rate limits or is there a max number of API calls that you can do in a day?</P> Wed, 21 Jun 2023 11:17:17 GMT https://community.splunk.com/t5/Getting-Data-In/For-Splunk-API-requests-are-authentication-tokens-needed/m-p/647764#M110147 asmyth1995 2023-06-21T11:17:17Z https://community.splunk.com/t5/Getting-Data-In/For-Splunk-API-requests-are-authentication-tokens-needed/m-p/647770#M110148 <P>Unfortunately I don't know those limits and in personally haven't even gotten those.</P><P><a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/106850">@gjanders</a>,&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/193014">@Brett</a>&nbsp;have you any experiences about rate limit for REST calls?</P> Wed, 21 Jun 2023 11:58:07 GMT https://community.splunk.com/t5/Getting-Data-In/For-Splunk-API-requests-are-authentication-tokens-needed/m-p/647770#M110148 isoutamo 2023-06-21T11:58:07Z https://community.splunk.com/t5/Getting-Data-In/For-Splunk-API-requests-are-authentication-tokens-needed/m-p/647894#M110167 <P>I'm unaware of any limits here...I haven't seen a documented limit for Splunk cloud instances for REST APi calls. There may be an AWS system that is helping to prevent a flood of traffic...(I'm not familiar with the actual Splunk cloud build)</P> Thu, 22 Jun 2023 10:42:19 GMT https://community.splunk.com/t5/Getting-Data-In/For-Splunk-API-requests-are-authentication-tokens-needed/m-p/647894#M110167 gjanders 2023-06-22T10:42:19Z