For creating a monitor input of our product, our customers have to type correct sourcetype and complex regular expression for whitelist. We want to create a simplified UI by using Modular Input. In the script a monitor input will be made automatically as same as adding it manually.
Could you tell me that is a good idea or bad one?
Even if our customers have correct permission, we are not sure if authentication tokens are necessary in the script.
Using Modular Inputs as a proxy just for creating a Monitor Input is a bit of a hack , and limiting what you can do in the UI.
Have you considered using the Web Framework and building a custom setup page for your Monitor Inputs (with you simplified approach). Your custom setup page could have whatever JS/HTML/CSS you want to provide your simpler experience for your users , and then you could have some Django serverside logic for your setup page that uses the Splunk REST API to create the Monitor Input stanza for you.
Sure you can. Splunk does this type of thing to aid in the install-time experience for some of our premium apps. Also consider that Splunk Web is built on top of the REST API itself. Start with a POST to data/inputs/monitor.
As to the authority question, the user executing the actions would have to have the correct permission in Splunk.