Getting Data In

REST API - Unauthorized error

New Member

I am trying to connect with REST API and I am able to use this guide https://answers.splunk.com/answers/685730/can-i-use-rest-api-without-curl.html

I can obtain the session key but on using that, I still get an unauthorized error when trying to pull results of a search.

I am going through a proxy server to make my request and avoid CORS issues. Any pointers woul dbe appreciated.

0 Karma

SplunkTrust
SplunkTrust

Have you set the splunk admin user/password? If you're using the default, you can't authenticate with the rest endpoints. A UNiversal forwarder behaves this way at least...

0 Karma

SplunkTrust
SplunkTrust

Doesn't appear you're setting the authorization header correctly in the 2nd example. Use the same xhdr method you used in the first example but set it with "Authorization: Splunk AUTHTOKEN"

0 Karma

SplunkTrust
SplunkTrust

beforeSend: function (xhr) {
xhr.setRequestHeader('Authorization', 'Splunk' + authtoken);

0 Karma

New Member

Tried this as well. Still Giving a 401. FYI, these API calls are going through the browser - using client side JS.

0 Karma

SplunkTrust
SplunkTrust

Did you look at your request with packet sniffing or software proxy like fiddler by telerik?

Something is wrong with your post. It's that simple. Otherwise you wouldn't get 401.

Is there a space in the header between Splunk and token?

0 Karma

New Member

No spaces, Yes i did try to check the request but everything looked fine

0 Karma

New Member

The session key is being used to make a POST call to create a job and a GET call to retrieve the results of that job.,,The session key is being used to make a POST call to create a search and then make a GET call to get the search results.

0 Karma

SplunkTrust
SplunkTrust

How are you using the session key?

0 Karma

SplunkTrust
SplunkTrust

An example of your POST please...

0 Karma

New Member

Here's the example

$.ajax({
url: url,
type: "POST",
contentType: "application/json",
dataType: "json",
data:'{"search" : "search index=esys_shibboleth OR index= Shibboleth-Audit", "output_mode":"json"}',
beforeSend: function (xhr) {
xhr.setRequestHeader('Authorization', 'Basic' + btoa("username:password"));

0 Karma

New Member

Instead of passing the username and password if the session key (obtained a login POST call) is passed in this manner :
$.ajax({
url: url,
type: "POST",
contentType: "application/json",
"Authorization": "Splunk " + sessionkey,
dataType: "json",
data:'{"search" : "search index=esys_shibboleth OR index= Shibboleth-Audit", "output_mode":"json"}',

still throws a 401

0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!