Getting Data In

Not able to authenticate Splunk REST API with Postman

spammenot66
Contributor

I'm able to confirm this works for me curl command is working for me. It returns a session ID.
curl -k https://splunkdomain.local:8089/services/auth/login --data-urlencode username={username} --data-urlencode password={password}

Using the same end point in Postman, it complains "Login failed". Can someone please assist? alt text

1 Solution

Chepech
Engager

So this is what I did to solve it... I noticed that the cURL generated by postman was not working and getting the exact same error you are seeing on the UI, this cURL command looks something like:

Spoiler
curl --location --request POST -k 'https://{{host}}:8089/services/auth/login' \
--data-urlencode 'username={{user}}' \
--data-urlencode 'password={{password}}'

So What I did was:

  • Go into Postman and click IMPORT
  • On the import Dialog go to the RAW Text tab and paste this:
    • Spoiler
      curl -k https://{{host}}:8089/services/auth/login --data-urlencode username={{user}} --data-urlencode password={{pass}}

And hit IMPORT, this will generate a working request. If you look at the cURL generated by it the only difference is that it actually sets the Content-Type header which seems to so the trick. It now looks something like this:

 

Spoiler
curl --location --request POST -k 'https://{{host}}:8089/services/auth/login' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'username={{user}}' \
--data-urlencode 'password={{pass}}'

Trying this curl command on the terminal will also work.

 

View solution in original post

0 Karma

Chepech
Engager

Im stuck on the same issue, but if you look closely its not an AUTH falied, it is really a 400 Bad Request error, I'v been trying different ways to call the API on Postman but so far I haven't been able to get it working, but it works on cURL and using Requests on Python, so its definitively something related to the message formatting that is causing this.

0 Karma

Chepech
Engager

So this is what I did to solve it... I noticed that the cURL generated by postman was not working and getting the exact same error you are seeing on the UI, this cURL command looks something like:

Spoiler
curl --location --request POST -k 'https://{{host}}:8089/services/auth/login' \
--data-urlencode 'username={{user}}' \
--data-urlencode 'password={{password}}'

So What I did was:

  • Go into Postman and click IMPORT
  • On the import Dialog go to the RAW Text tab and paste this:
    • Spoiler
      curl -k https://{{host}}:8089/services/auth/login --data-urlencode username={{user}} --data-urlencode password={{pass}}

And hit IMPORT, this will generate a working request. If you look at the cURL generated by it the only difference is that it actually sets the Content-Type header which seems to so the trick. It now looks something like this:

 

Spoiler
curl --location --request POST -k 'https://{{host}}:8089/services/auth/login' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'username={{user}}' \
--data-urlencode 'password={{pass}}'

Trying this curl command on the terminal will also work.

 

0 Karma

@spammenot66, following is what I had tried for HEC using JSON Data packet. I had to use http on my local, however, https should work if cURL worked fine for you.

https://wiki.splunk.com/User_talk:Niketnilay#Topic_5:_HTTP_Event_Collector_.28HEC.29_in_Windows_usin...

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Get Updates on the Splunk Community!

Last Chance to Submit Your Paper For BSides Splunk - Deadline is August 12th!

Hello everyone! Don't wait to submit - The deadline is August 12th! We have truly missed the community so ...

Ready, Set, SOAR: How Utility Apps Can Up Level Your Playbooks!

 WATCH NOW Powering your capabilities has never been so easy with ready-made Splunk® SOAR Utility Apps. Parse ...

DevSecOps: Why You Should Care and How To Get Started

 WATCH NOW In this Tech Talk we will talk about what people mean by DevSecOps and deep dive into the different ...