Getting Data In

Splunk: Python script to extract json data from API through OAUTH2 authentication

sujith_usha_kum
Explorer

Hi All,

I am new to python script.

I have a requirement to extract json data in API through OAUTH2 authentication.

Following are the credentials which i got from API team,

API : https://abc.com/efg/
{"client_id":"6970.abcservice"}
{"scope":"read_abc write_abc"}
{"grant_type":"client_credentials"}
{"client_secret":"adsfa122222"}
Token URL : https://xyz.com/oauth/ls/connect/token

I am getting access token error in python script.

Please find the code snippet,

It will be great help, if anyone can help me here.

t = requests.get('{}?response_type=code&client_id={}&redirect_uri={}'.format(AUTHORIZE_URL, CLIENT_ID, REDIRECT_URI))

print t

p = requests.get('https://hpdpvaluewalletintsvr.ciodev.accenture.com/ToolProvisioningReport/', headers={'Authorization': 'Bearer YOUR_ACCESS_TOKEN'})

print p

requests.post(
    ACCESS_TOKEN_URL,
    data={
        'grant_type': 'refresh_token',
        'client_id': CLIENT_ID,
        'client_secret': CLIENT_SECRET,
#        'refresh_token': 'YOUR_REFRESH_TOKEN'
        'redirect_uri': REDIRECT_URI
    }
)

**Error message:**
<Response [200]>
<Response [401]>
{"Message":"Authorization has been denied for this request."}
0 Karma

Rdoggala
Loves-to-Learn Lots

Hi Sujit,

 

am new to splunk and python.

my requirement is get dashborad report from the splunk api using python scripts.

could you please help me , how can i get it.

what are pre requisites?

how can i authenticate token?

how can i get rest api link?

how can i  get localhost, port details?

please help on those, it would great for me?

0 Karma

thambisetty
SplunkTrust
SplunkTrust

Hi @Rdoggala 

Please post your question as new. You question may not be answered if you post like this.

and the subject is different and the one you asked is different.

————————————
If this helps, give a like below.
0 Karma

sujith_usha_kum
Explorer

Thanks @pappjr

I have consulted the documentation and updated the program. Its working fine in my local Splunk 6.5.3 .
code_post = requests.post(
ACCESS_TOKEN_URL,
data={
'grant_type': 'client_credentials',
'scope': 'read_mywizard_automationstore write_mywizard_automationstore',
'client_id': CLIENT_ID,
'client_secret': CLIENT_SECRET
}
)

print 'status of Token:', code_post.status_code

if code_post.status_code == 200:
    response = code_post.json()
    access_token=response['access_token']
    expires_in=response['expires_in']
    token_type=response['token_type']
#    print access_token
#    print expires_in
#    print token_type    


API = requests.get('https://hpdpvaluewalletintsvr.ciodev.accenture.com/ToolProvisioningReport/', headers={'Authorization': 'Bearer %s' % access_token})

print 'status of API:', API.status_code

But the sad part is its not working in our PRD splunk instance because of connection issue.

Please find the error message screen shot in the attachment and advise on this.

once again Thanks allot!

alt text

0 Karma

sujith_usha_kum
Explorer

Thanks @pappjr .

I have consult the documentation and made the below changes to the program . It worked fine in Local Splunk 6.5.3 .

code_post = requests.post(
    ACCESS_TOKEN_URL,
    data={
        'grant_type': 'client_credentials',
        'scope': 'read_mywizard_automationstore write_mywizard_automationstore',
        'client_id': CLIENT_ID,
        'client_secret': CLIENT_SECRET
    }
)

print 'status of Token:', code_post.status_code

if code_post.status_code == 200:
    response = code_post.json()
    access_token=response['access_token']
    expires_in=response['expires_in']
    token_type=response['token_type']
#    print access_token
#    print expires_in
#    print token_type    


API = requests.get('https://hpdpvaluewalletintsvr.ciodev.accenture.com/ToolProvisioningReport/', headers={'Authorization': 'Bearer %s' % access_token})

print 'status of API:', API.status_code

But the sad part is the same program is not working in my PROD Splunk instance because of connection error.

Please find the error message attached and advise on this.

Once again Thank you so much for your help.alt text

0 Karma

pappjr
Path Finder

Hi @sujith_usha_kumar,

Based on the final "ConnectionError" message you're getting caused by "socket.gaierror" it looks like your production instance cannot resolve the IP address of the host.

If you try to ping that host (hpdpvaluewalletintsvr.ciodev.accenture.com) from your Splunk PRD instance command line, does it resolve to an IP? If not you probably need to fix your DNS configuration on that host OR worst-case scenario add the host you're trying to connect to to your /etc/hosts file.

Similar to this StackOverflow answer here: https://stackoverflow.com/questions/23777121/why-am-i-getting-socket-gaierror-errno-2-from-python-ht...

0 Karma

sujith_usha_kum
Explorer

Thanks @pappjr .
You are right. Problem in the host, which is a internal so it could not resolve to an IP.

Hopefully i can resolve this issue , once i get a PROD API with a Public IP.

0 Karma

pappjr
Path Finder

Hi @sujith_usha_kumar,

Make sure you are reading the documentation for accessing this API very closely - just about every single API I have dealt with requires some minor tweak to my code.

The general flow goes as follows:
- Request (GET) an authorization code using client_id and client_secret (sometimes additional fields are required as well, check documentation)
- The response to this request will include an authorization code embedded in the response URL, you can capture this with code in Python (it will come from one of the response fields, I believe the .text one)
- Send another request (POST) to the OAuth endpoint which will include your authorization code from the last step among other things. The specifics of what is required to be granted an access and refresh token depend on your service - check your documentation!

Some common gotchas:
- Make sure the application allows your redirect URI. Some applications have a strict list of allowed redirect URIs. Most online guides will tell you to use "localhost" for testing code. That is fine, but make sure the application you are accessing ALLOWS localhost as a redirect URI.
- Are you sure you don't need the "scope" value in your initial request? Consult the documentation on this API.
- Your 'Authorization' is not necessarily a Bearer token (but it probably is). You should check the documentation for which type of token the service is expecting.
- Sometimes the authorization code is passed in as one of your "data" fields and you provide a different "header" for authentication (like Authorization: Basic (base64 encoded string of client_id:client_secret)

Looks like you're on the right path but you need to consult the documentation to figure the rest out. If you can share the service you're connecting to I can provide some more help, just let me know!

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In September, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...

New in Observability - Improvements to Custom Metrics SLOs, Log Observer Connect & ...

The latest enhancements to the Splunk observability portfolio deliver improved SLO management accuracy, better ...

Improve Data Pipelines Using Splunk Data Management

  Register Now   This Tech Talk will explore the pipeline management offerings Edge Processor and Ingest ...