Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How do I authorize a user to use the REST API?

jbechchar
New Member
‎11-16-2015 09:25 AM

Hi everybody,

I have a problem with a user.
I've just created a new user and it seems ok when I use it with Splunk.
However, I have no authorization when I try to use it with REST.

Is there a particular parameter to use the REST API with a certain user?

Thanks in advance

best regards,

0 Karma
Reply

aljohnson_splun
Splunk Employee
Splunk Employee
‎11-16-2015 09:49 AM

Yes, you'll need to add certain capabilities to that user or that users's role(s).

This can be done by going to Settings > Access Controls > Roles - then choosing a role and scrolling to about halfway down the page. Then chose which capabilities are enabled for that particular role.

The relevant conf is authorize.conf:

[capability::rest_apps_view]
        * Required to list various properties in the python remote apps handler.
        * See restmap.conf for more info

[capability::rest_properties_get]
        * Required to get information from the services/properties endpoint.

[capability::rest_properties_set]
        * Required to edit the services/properties endpoint.

Note that you may need to also look at restmap.conf depending on what you're trying to do. However, most likely, you just need to add the capabilities defined above.

Reply

jbechchar
New Member
‎11-17-2015 06:24 AM

Hi,

when i search index=_internal

It seems that I have no ldap authorization...
But it is not an ldap user...

And I have an another user with the same configuration and it works with api rest.

0 Karma
Reply

jbechchar
New Member
‎11-17-2015 01:07 AM

Hi aljohnson,

Thanks for your answer.

But, I have already theses capabalities for my role.

That's why I don't understand why I cannot do a curl request...

It is possible to request on the api with the Admin user...

Another idea ? 🙂

0 Karma
Reply
Get Updates on the Splunk Community!

Harnessing Splunk’s Federated Search for Amazon S3

Managing your data effectively often means balancing performance, costs, and compliance. Splunk’s Federated ...

Infographic provides the TL;DR for the 2024 Splunk Career Impact Report

We’ve been buzzing with excitement about the recent validation of Splunk Education! The 2024 Splunk Career ...

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...