All Apps and Add-ons

How do I do simple token based authentication with the REST modular TA?

centrafraserk
Path Finder

This seems like it should be really simple but I am having trouble wrapping my head around the different types of authentication available in the REST modular TA. Basically I am working with a NetBox instance and I am trying to pull in json data via the REST API. I am able to get data directly from the server by running this simple curl command:

curl -X GET --header 'Accept: application/json' --header 'Authorization: Token redactedtoken' 'https://netbox.mydomain.com/api/circuits/circuits/' --insecure

This returns the expected data running it directly on the OS. I do not think this is standard oath1 or oath2, but maybe on of those options can still work for this use case? I tried oath2 by setting the Token Type to "Token" and then entering my token value in the token field, but I receive an error stating that Token is not a valid type of Token. I have also tried putting "Authorization: Token redactedtoken" in the custom header field, and it does not parse that correctly as a header either and throws errors.

I can access parts of the API that do not require credentials, so I know that splunk can make the connection. I feel like I am missing something extremely simple, any thoughts would be appreciated. Even finding a way to log what curl command the rest.py script is trying to use would go a long way in figuring out what fields my information needs to go in.

0 Karma
1 Solution

Damien_Dallimor
Ultra Champion

Without seeing your actual config or any logs , this answer is merely a guess.

In the custom header field , the key : value is "=" delimited (mentioned in the annotation and example directly under the text entry field on the setup screen).

So :

Authorization=Token redactedtoken

View solution in original post

0 Karma

Damien_Dallimor
Ultra Champion

Without seeing your actual config or any logs , this answer is merely a guess.

In the custom header field , the key : value is "=" delimited (mentioned in the annotation and example directly under the text entry field on the setup screen).

So :

Authorization=Token redactedtoken
0 Karma

centrafraserk
Path Finder

Thank you this is correct, but now i don't see the json input anymore. I think the netbox server has limits, i will challenge them. Thank you so much! I appreciate your help!

0 Karma
Get Updates on the Splunk Community!

Improve Your Security Posture

Watch NowImprove Your Security PostureCustomers are at the center of everything we do at Splunk and security ...

Maximize the Value from Microsoft Defender with Splunk

 Watch NowJoin Splunk and Sens Consulting for this Security Edition Tech TalkWho should attend:  Security ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...