Getting Data In

Not able to authenticate Splunk REST API with Postman

spammenot66
Contributor

I'm able to confirm this works for me curl command is working for me. It returns a session ID.
curl -k https://splunkdomain.local:8089/services/auth/login --data-urlencode username={username} --data-urlencode password={password}

Using the same end point in Postman, it complains "Login failed". Can someone please assist? alt text

1 Solution

Chepech
Engager

So this is what I did to solve it... I noticed that the cURL generated by postman was not working and getting the exact same error you are seeing on the UI, this cURL command looks something like:

Spoiler
curl --location --request POST -k 'https://{{host}}:8089/services/auth/login' \
--data-urlencode 'username={{user}}' \
--data-urlencode 'password={{password}}'

So What I did was:

  • Go into Postman and click IMPORT
  • On the import Dialog go to the RAW Text tab and paste this:
    • Spoiler
      curl -k https://{{host}}:8089/services/auth/login --data-urlencode username={{user}} --data-urlencode password={{pass}}

And hit IMPORT, this will generate a working request. If you look at the cURL generated by it the only difference is that it actually sets the Content-Type header which seems to so the trick. It now looks something like this:

 

Spoiler
curl --location --request POST -k 'https://{{host}}:8089/services/auth/login' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'username={{user}}' \
--data-urlencode 'password={{pass}}'

Trying this curl command on the terminal will also work.

 

View solution in original post

Chepech
Engager

Im stuck on the same issue, but if you look closely its not an AUTH falied, it is really a 400 Bad Request error, I'v been trying different ways to call the API on Postman but so far I haven't been able to get it working, but it works on cURL and using Requests on Python, so its definitively something related to the message formatting that is causing this.

0 Karma

Chepech
Engager

So this is what I did to solve it... I noticed that the cURL generated by postman was not working and getting the exact same error you are seeing on the UI, this cURL command looks something like:

Spoiler
curl --location --request POST -k 'https://{{host}}:8089/services/auth/login' \
--data-urlencode 'username={{user}}' \
--data-urlencode 'password={{password}}'

So What I did was:

  • Go into Postman and click IMPORT
  • On the import Dialog go to the RAW Text tab and paste this:
    • Spoiler
      curl -k https://{{host}}:8089/services/auth/login --data-urlencode username={{user}} --data-urlencode password={{pass}}

And hit IMPORT, this will generate a working request. If you look at the cURL generated by it the only difference is that it actually sets the Content-Type header which seems to so the trick. It now looks something like this:

 

Spoiler
curl --location --request POST -k 'https://{{host}}:8089/services/auth/login' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'username={{user}}' \
--data-urlencode 'password={{pass}}'

Trying this curl command on the terminal will also work.

 

niketn
Legend

@spammenot66, following is what I had tried for HEC using JSON Data packet. I had to use http on my local, however, https should work if cURL worked fine for you.

https://wiki.splunk.com/User_talk:Niketnilay#Topic_5:_HTTP_Event_Collector_.28HEC.29_in_Windows_usin...

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Get Updates on the Splunk Community!

Splunk Observability Cloud’s AI Assistant in Action Series: Analyzing and ...

This is the second post in our Splunk Observability Cloud’s AI Assistant in Action series, in which we look at ...

Elevate Your Organization with Splunk’s Next Platform Evolution

 Thursday, July 10, 2025  |  11AM PDT / 2PM EDT Whether you're managing complex deployments or looking to ...

Splunk Answers Content Calendar, June Edition

Get ready for this week’s post dedicated to Splunk Dashboards! We're celebrating the power of community by ...