Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Securing REST API access?

the_wolverine
Champion
‎12-17-2012 04:08 PM

Any documentation or examples on how I can secure access via REST API? Specifically, we want to restrict access to GET (no POST) and we want the standard granular access control to indexes, sources, sourcetypes, etc.

I'd also like to restrict access to specific endpoints.

Can this be done?

Tags (4)
Reply

leomeyerovich
Explorer
‎08-07-2018 07:07 PM

It took us awhile for Graphistry -- search and rest_properies_get (https://answers.splunk.com/answers/60259/rest-api-permissions-issue.html?utm_source=answers&utm_medi...).

0 Karma
Reply

ben_leung
Builder
‎02-25-2016 10:29 AM

Is it possible to specify the endpoints you do not want to grant visibility and then not allow access to them?

0 Karma
Reply

the_wolverine
Champion
‎01-14-2013 10:32 AM

Are there any answers as to how to restrict access to specific endpoints?

0 Karma
Reply

ben_leung
Builder
‎02-25-2016 10:18 AM

I have a case open with Splunk.. Case 325092

0 Karma
Reply

the_wolverine
Champion
‎01-10-2013 09:58 AM

Is there a way to restrict access to specific endpoints only?

0 Karma
Reply

Damien_Dallimor
Ultra Champion
‎12-17-2012 10:54 PM

Have a look here :
http://docs.splunk.com/Documentation/Splunk/5.0/admin/authorizeconf

There are 2 specific REST capabilitys you can assign to a role :

[capability::rest_properties_get]
        * Required to get information from the services/properties endpoint.

[capability::rest_properties_set]
        * Required to edit the services/properties endpoint.

In Manager :

alt text

Reply

ben_leung
Builder
‎02-25-2016 10:15 AM

This may be useful for allowing ACCESS to specific roles, but they loose a lot of options in terms of UI access as well since they are just endpoints.

Lets say we disable the set capability, the real concern is that they still have read access. Disabling the get capability is going a little too far in my opinion.

0 Karma
Reply

wwheeler4
Engager
‎12-17-2012 05:23 PM

Definitely it can be done. I'm not sure about what's involved in setting that up administratively, but our installation requires authentication and access to hit various endpoints.

These pages describe authentication and authorization for the Splunk REST API:

http://docs.splunk.com/Documentation/Splunk/5.0.1/RESTAPI/RESTaccess
http://docs.splunk.com/Documentation/Splunk/5.0.1/RESTAPI/RESTusing#Authentication

Essentially, use auth/login to get the session key, and then pass the session key along in an HTTP header (Authorization request header) to get access to a given endpoint.

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Data Management Digest – May 2026

Welcome to the May 2026 edition of Data Management Digest!   As your trusted partner in data innovation, the ...

Index This | What is feather-light but cannot be held long?

May 2026 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

.conf26 Registration is Live: Secure Your Early Bird Pass Now

  Lock in Your Spot: Registration Open for .conf26 in Denver Hello Splunkers, I have exciting news! Your ...