I have a confusing issue with the Splunk endpoint POST method execution. Every time I'm trying to send a GET request to my custom endpoint, everything works as expected. But when I am sending a POST request with the identical parameters and Cookies, the API returns a 401 status code and says: "Splunk cannot authenticate the request. CSRF validation failed.". I have no clue why this happens because the CSRF Token in the request is still the same token as the token in the GET request. Moreover the response of the GET request returns the identical CSRF cookie which is afterwards used again by the POST method.
Using the API over the management port on 8089 works perfectly fine with GET and POST requests. This happens just with the /splunkd/__raw webservice endpoint.
Does anyone have an idea about what is causing this error?
Thanks in advance!
POST /en-GB/splunkd/__raw/services/test_endpoint HTTP/1.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36
Accept-Encoding: gzip, deflate
Cookie: splunkweb_csrf_token_8000=XXX; session_id_8000=XXX; token_key=XXX; experience_id=XXX; splunkd_8000=XXX