Getting Data In

How can I authenticate (Basic HTTP) a workflow action?


I am collecting O365 email logs using Microsoft's MessageTrace api. There is another api called MessageTraceDetail, which uses two fields from an email event (MessageTraceId and RecipientAddress). I was able to build to a workflow action that calls the api using the two criteria from an event, it works great, but it asks for authentication (username and password) to O365. Once I log in, it displays the results fine, in json. Is there any way to securely bake in those credentials in a conf so that the user doesn't need to input credentials?

API:$format=json&... eq '$RecipientAddress$' and MessageTraceId eq guid'$MessageTraceId$'

0 Karma


The Office 365 Reporting web service uses basic authentication. Which means that you have to send a Authorization header with your request. The header value is "Basic base64encode(username:password)", look up basic authentication and you will see examples.

I don't see a way to send this header using workflow actions. If you don't write your own python scripts, you should check out:
Splunk REST API Modular Input app -
REST storage/passwords Manager for Splunk -

If you want to index messagetrace and messagetracedetail data, you need to request the trace data, take the values from the trace and put them in the tracedetail request. You can set this up to run all the time and index all mail trace and tracedetail events.

.conf21 Now Fully Virtual!
Register for FREE Today!

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!