Hello
I was reading about making requests to the Splunk API. In the link below, when making a request, the username (admin) and password (pass) need to be included in the request, as seen below:
curl -k -u admin:pass https://localhost:8089/servicesNS/admin/-/alerts/alert_actions
https://docs.splunk.com/Documentation/SplunkCloud/9.0.2303/RESTREF/RESTsearch#search.2Fjobs
However, there was another link mentioning that authentication tokens are needed to make API requests.
curl -H "Authorization: <type> <token>" -X <method> https://<instance host name or IP address>:<management port>/<REST endpoint> -d <data...> [-d <data...>...]
https://docs.splunk.com/Documentation/SplunkCloud/9.0.2209/Security/UseAuthTokens
Can the first API request only be used by admins, and is the second request only available to users granted access by admins, where they are given authentication tokens?
Hi
The 1st request can use any user which has access to REST queries.
One note: when you write "-u <user:pass>" on the command line, anyone on that node can see it in the process list, and in your history if they have enough privileges for that! For that reason it's better to put those in a variable and then use it on the command line. You can do it like this on a *nix command line.
read -r VarUserPass
admin:changeme          <- type the credentials at the prompt and press Enter to finish the read
curl -k -u "$VarUserPass" https://localhost:8089/servicesNS/admin/-/alerts/alert_actions
The 2nd one can be used by any user (including admins) who has a valid authentication token assigned to them.
r. Ismo
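As an added example (not code from the thread or from Splunk's documentation), here is one way to keep either credential type out of the command line altogether. A shell variable is expanded before curl starts, so the expanded value is still visible in the process argument list; a value that curl reads itself from a config file (-K) is not. The script covers both forms from the question: `user = "admin:pass"` for the basic-auth request and `header = "Authorization: Bearer <token>"` for the token request. The host name, endpoint, environment variable names and sample secrets are placeholders chosen for this example.

```shell
#!/bin/sh
# Added example, not from the original thread or from Splunk's docs.
# Keeps the Splunk credential (user:pass for the first form, a bearer token
# for the second) out of argv and shell history by handing it to curl through
# a curl config file (-K) instead of -u / -H on the command line.
# SPLUNK_HOST, SPLUNK_AUTH_MODE, the endpoint and the secrets are placeholders.

# Create a 0600 curl config file holding the credential and print its path.
# mode: "basic" (secret is user:pass) or "token" (secret is the auth token).
make_curl_config() {
    cfg_mode="$1"
    cfg_secret="$2"
    # curl quotes config values with "..."; a literal " or \ inside the
    # value must be backslash-escaped, so do that before writing it out.
    cfg_esc=$(printf '%s' "$cfg_secret" | sed 's/["\\]/\\&/g')
    cfg_path=$(mktemp "${TMPDIR:-/tmp}/splunk-curl.XXXXXX") || return 1
    chmod 600 "$cfg_path"
    case "$cfg_mode" in
        basic) printf 'user = "%s"\n' "$cfg_esc" >"$cfg_path" ;;
        token) printf 'header = "Authorization: Bearer %s"\n' "$cfg_esc" >"$cfg_path" ;;
        *)     rm -f "$cfg_path"
               echo "make_curl_config: unknown mode '$cfg_mode'" >&2
               return 1 ;;
    esac
    # Equivalent of the -k used in the thread: only acceptable for a lab
    # instance with a self-signed management certificate.
    printf 'insecure\n' >>"$cfg_path"
    echo "$cfg_path"
}

# Read a secret from the terminal without echoing it. The read builtin runs
# inside the shell, so the value never appears in argv or in history.
read_secret() {
    printf '%s: ' "$1" >&2
    stty -echo 2>/dev/null
    read -r secret_value
    stty echo 2>/dev/null
    printf '\n' >&2
    echo "$secret_value"
}

# GET a Splunk REST endpoint using the config file. The only thing visible
# in the process list is the path of the config file.
splunk_get() {
    curl -sS -K "$1" "https://$2:8089/$3"
}

# Interactive use; skipped when SPLUNK_HOST is unset so the functions can be
# sourced or the script run offline. Example:
#   SPLUNK_HOST=localhost SPLUNK_AUTH_MODE=token ./splunk_get.sh
if [ -n "${SPLUNK_HOST:-}" ]; then
    auth_mode="${SPLUNK_AUTH_MODE:-basic}"
    auth_secret=$(read_secret "Splunk $auth_mode credential")
    auth_cfg=$(make_curl_config "$auth_mode" "$auth_secret") || exit 1
    trap 'rm -f "$auth_cfg"' EXIT     # remove the file even if curl fails
    splunk_get "$auth_cfg" "$SPLUNK_HOST" "servicesNS/admin/-/alerts/alert_actions?output_mode=json"
fi
```

The config file is created with mktemp and mode 0600, so it is readable only by the user running the script, and the trap removes it when the script exits. `.netrc` (curl -n) is another way to achieve the same thing for basic auth; the -K form is used here because it also covers the Authorization header of the token request.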
Thank you very much for answering that. I was also checking the status codes for the REST API, and it doesn't include a 429 status code. Do the GET requests to the saved/search query have any rate limits, or is there a max number of API calls that you can make in a day?
I'm unaware of any limits here... I haven't seen a documented limit for Splunk Cloud instances for REST API calls. There may be an AWS system that is helping to prevent a flood of traffic... (I'm not familiar with the actual Splunk Cloud build.)