How can I authenticate (Basic HTTP) a workflow act...

dpanych · ‎07-30-2018

I am collecting O365 email logs using Microsoft's MessageTrace api. There is another api called MessageTraceDetail, which uses two fields from an email event (MessageTraceId and RecipientAddress). I was able to build to a workflow action that calls the api using the two criteria from an event, it works great, but it asks for authentication (username and password) to O365. Once I log in, it displays the results fine, in json. Is there any way to securely bake in those credentials in a conf so that the user doesn't need to input credentials?

API: https://reports.office365.com/ecp/reportingwebservice/reporting.svc/MessageTraceDetail?$format=json&... eq '$RecipientAddress$' and MessageTraceId eq guid'$MessageTraceId$'

kalifehj · ‎08-03-2018

The Office 365 Reporting web service uses basic authentication. Which means that you have to send a Authorization header with your request. The header value is "Basic base64encode(username:password)", look up basic authentication and you will see examples.

I don't see a way to send this header using workflow actions. If you don't write your own python scripts, you should check out:
Splunk REST API Modular Input app -https://splunkbase.splunk.com/app/1546/
REST storage/passwords Manager for Splunk - https://splunkbase.splunk.com/app/4013/

If you want to index messagetrace and messagetracedetail data, you need to request the trace data, take the values from the trace and put them in the tracedetail request. You can set this up to run all the time and index all mail trace and tracedetail events.

How can I authenticate (Basic HTTP) a workflow action?

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!