topic Re: How to delete session_key when done in REST API as non-admin user in Getting Data In

How to delete session_key when done in REST API as non-admin user

newfdawg — Fri, 08 Jun 2012 20:04:30 GMT

After programatically getting the session_key:
curl -k -u admin:pass https://localhost:8089/services/auth/login -d username=non-admin-user -d password=pass
and then using that for the rest of the tasks via the API. How do I as this same user (a non-admin user) release or delete the session key?
Also - does anyone know the lifetime of the session key?

Thank you!

Chris

Re: How to delete session_key when done in REST API as non-admin user

kristian_kolb — Fri, 08 Jun 2012 20:22:16 GMT

I suspect it's the same session length as for web GUI logins (Manager -> System Settings -> General Settings)
The actual setting is in server.conf.

As for deleting the session key, well, that's beyond me.

Re: How to delete session_key when done in REST API as non-admin user

gkanapathy — Fri, 08 Jun 2012 22:31:45 GMT

You can delete it with a DELETE http method call to the rest endpoint https://localhost:8089/services/authentication/httpauth-tokens/_authtokenname_

The duration of a session is set in server.conf [general] sessionTimeout.

update:

appears you could use curl:

curl -k -X DELETE -H "Authorization: Splunk 1a2b3c4d5e6f7g8h90" https://localhost:8089/services/authentication/httpauth-tokens/1a2b3c4d5e6f7g8h90

Re: How to delete session_key when done in REST API as non-admin user

newfdawg — Mon, 11 Jun 2012 21:15:56 GMT

Thank you - that did it! (After I added the edit_httpauths capability to the user's role).

Re: How to delete session_key when done in REST API as non-admin user

newfdawg — Mon, 11 Jun 2012 21:18:29 GMT

Thanks! It's 60 minutes on mine and that matches what I am seeing.