topic REST API - Unauthorized error in Getting Data In

REST API - Unauthorized error

av2214 — Thu, 09 Apr 2020 16:41:20 GMT

I am trying to connect with REST API and I am able to use this guide https://answers.splunk.com/answers/685730/can-i-use-rest-api-without-curl.html

I can obtain the session key but on using that, I still get an unauthorized error when trying to pull results of a search.

I am going through a proxy server to make my request and avoid CORS issues. Any pointers woul dbe appreciated.

Re: REST API - Unauthorized error

jkat54 — Thu, 09 Apr 2020 18:13:45 GMT

How are you using the session key?

Re: REST API - Unauthorized error

serenalekh — Thu, 09 Apr 2020 21:21:59 GMT

The session key is being used to make a POST call to create a job and a GET call to retrieve the results of that job.,,The session key is being used to make a POST call to create a search and then make a GET call to get the search results.

Re: REST API - Unauthorized error

jkat54 — Thu, 09 Apr 2020 22:51:13 GMT

An example of your POST please...

Re: REST API - Unauthorized error

serenalekh — Wed, 30 Sep 2020 04:55:55 GMT

Here's the example

$.ajax({
url: url,
type: "POST",
contentType: "application/json",
dataType: "json",
data:'{"search" : "search index=esys_shibboleth OR index= Shibboleth-Audit", "output_mode":"json"}',
beforeSend: function (xhr) {
xhr.setRequestHeader('Authorization', 'Basic' + btoa("username:password"));

Re: REST API - Unauthorized error

serenalekh — Wed, 30 Sep 2020 04:55:58 GMT

Instead of passing the username and password if the session key (obtained a login POST call) is passed in this manner :
$.ajax({
url: url,
type: "POST",
contentType: "application/json",
"Authorization": "Splunk " + sessionkey,
dataType: "json",
data:'{"search" : "search index=esys_shibboleth OR index= Shibboleth-Audit", "output_mode":"json"}',

still throws a 401

Re: REST API - Unauthorized error

jkat54 — Fri, 10 Apr 2020 11:15:00 GMT

Doesn't appear you're setting the authorization header correctly in the 2nd example. Use the same xhdr method you used in the first example but set it with "Authorization: Splunk AUTHTOKEN"

Re: REST API - Unauthorized error

jkat54 — Fri, 10 Apr 2020 11:15:58 GMT

beforeSend: function (xhr) {
xhr.setRequestHeader('Authorization', 'Splunk' + authtoken);

Re: REST API - Unauthorized error

serenalekh — Fri, 10 Apr 2020 17:28:51 GMT

Tried this as well. Still Giving a 401. FYI, these API calls are going through the browser - using client side JS.

Re: REST API - Unauthorized error

jkat54 — Fri, 10 Apr 2020 18:51:08 GMT

Did you look at your request with packet sniffing or software proxy like fiddler by telerik?

Something is wrong with your post. It's that simple. Otherwise you wouldn't get 401.

Is there a space in the header between Splunk and token?

Re: REST API - Unauthorized error

serenalekh — Fri, 10 Apr 2020 19:06:25 GMT

No spaces, Yes i did try to check the request but everything looked fine

Re: REST API - Unauthorized error

jkat54 — Sun, 12 Apr 2020 12:49:07 GMT

Have you set the splunk admin user/password? If you're using the default, you can't authenticate with the rest endpoints. A UNiversal forwarder behaves this way at least...