topic Re: Securing REST API access? in Getting Data In

Securing REST API access?

the_wolverine — Tue, 18 Dec 2012 00:08:28 GMT

Any documentation or examples on how I can secure access via REST API? Specifically, we want to restrict access to GET (no POST) and we want the standard granular access control to indexes, sources, sourcetypes, etc.

I'd also like to restrict access to specific endpoints.

Can this be done?

Re: Securing REST API access?

wwheeler4 — Tue, 18 Dec 2012 01:23:01 GMT

Definitely it can be done. I'm not sure about what's involved in setting that up administratively, but our installation requires authentication and access to hit various endpoints.

These pages describe authentication and authorization for the Splunk REST API:

http://docs.splunk.com/Documentation/Splunk/5.0.1/RESTAPI/RESTaccess
http://docs.splunk.com/Documentation/Splunk/5.0.1/RESTAPI/RESTusing#Authentication

Essentially, use auth/login to get the session key, and then pass the session key along in an HTTP header (Authorization request header) to get access to a given endpoint.

Re: Securing REST API access?

Damien_Dallimor — Tue, 18 Dec 2012 06:54:49 GMT

Have a look here :
http://docs.splunk.com/Documentation/Splunk/5.0/admin/authorizeconf

There are 2 specific REST capabilitys you can assign to a role :

[capability::rest_properties_get]
        * Required to get information from the services/properties endpoint.

[capability::rest_properties_set]
        * Required to edit the services/properties endpoint.

In Manager :

Re: Securing REST API access?

the_wolverine — Thu, 10 Jan 2013 17:58:48 GMT

Is there a way to restrict access to specific endpoints only?

Re: Securing REST API access?

the_wolverine — Mon, 14 Jan 2013 18:32:13 GMT

Are there any answers as to how to restrict access to specific endpoints?

Re: Securing REST API access?

ben_leung — Thu, 25 Feb 2016 18:15:19 GMT

This may be useful for allowing ACCESS to specific roles, but they loose a lot of options in terms of UI access as well since they are just endpoints.

Lets say we disable the set capability, the real concern is that they still have read access. Disabling the get capability is going a little too far in my opinion.

Re: Securing REST API access?

ben_leung — Thu, 25 Feb 2016 18:18:02 GMT

I have a case open with Splunk.. Case 325092

Re: Securing REST API access?

ben_leung — Thu, 25 Feb 2016 18:29:39 GMT

Is it possible to specify the endpoints you do not want to grant visibility and then not allow access to them?

Re: Securing REST API access?

leomeyerovich — Wed, 08 Aug 2018 02:07:00 GMT

It took us awhile for Graphistry -- search and rest_properies_get (https://answers.splunk.com/answers/60259/rest-api-permissions-issue.html?utm_source=answers&utm_medium=web&utm_campaign=leomeyerovich-close-social-share-678298).