Re: REST API - Unauthorized error

av2214 · ‎04-09-2020

I am trying to connect with REST API and I am able to use this guide https://answers.splunk.com/answers/685730/can-i-use-rest-api-without-curl.html

I can obtain the session key but on using that, I still get an unauthorized error when trying to pull results of a search.

I am going through a proxy server to make my request and avoid CORS issues. Any pointers woul dbe appreciated.

jkat54 · ‎04-12-2020

Have you set the splunk admin user/password? If you're using the default, you can't authenticate with the rest endpoints. A UNiversal forwarder behaves this way at least...

jkat54 · ‎04-10-2020

Doesn't appear you're setting the authorization header correctly in the 2nd example. Use the same xhdr method you used in the first example but set it with "Authorization: Splunk AUTHTOKEN"

jkat54 · ‎04-10-2020

beforeSend: function (xhr) {
xhr.setRequestHeader('Authorization', 'Splunk' + authtoken);

serenalekh · ‎04-10-2020

Tried this as well. Still Giving a 401. FYI, these API calls are going through the browser - using client side JS.

jkat54 · ‎04-10-2020

Did you look at your request with packet sniffing or software proxy like fiddler by telerik?

Something is wrong with your post. It's that simple. Otherwise you wouldn't get 401.

Is there a space in the header between Splunk and token?

serenalekh · ‎04-10-2020

No spaces, Yes i did try to check the request but everything looked fine

serenalekh · ‎04-09-2020

The session key is being used to make a POST call to create a job and a GET call to retrieve the results of that job.,,The session key is being used to make a POST call to create a search and then make a GET call to get the search results.

jkat54 · ‎04-09-2020

How are you using the session key?

jkat54 · ‎04-09-2020

An example of your POST please...

serenalekh · ‎04-09-2020

Here's the example

$.ajax({
url: url,
type: "POST",
contentType: "application/json",
dataType: "json",
data:'{"search" : "search index=esys_shibboleth OR index= Shibboleth-Audit", "output_mode":"json"}',
beforeSend: function (xhr) {
xhr.setRequestHeader('Authorization', 'Basic' + btoa("username:password"));

serenalekh · ‎04-09-2020

Instead of passing the username and password if the session key (obtained a login POST call) is passed in this manner :
$.ajax({
url: url,
type: "POST",
contentType: "application/json",
"Authorization": "Splunk " + sessionkey,
dataType: "json",
data:'{"search" : "search index=esys_shibboleth OR index= Shibboleth-Audit", "output_mode":"json"}',

still throws a 401

REST API - Unauthorized error

Routing logs with Splunk OTel Collector for Kubernetes

Welcome to the Splunk Community!

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM