Hi,
I had the same problem and figured it out with some help.
You can do it with the following REST API request:
curl -k -u "admin:PASSWORD_HERE" --data '{"verify_certs":"false","enable_logging":"false","config":[{"ph-auth-token":"AUTH_TOKEN_HERE","server":"https://IP_OR_HOST","custom_name":"","default":false,"user":"","ph_auth_config_id":"193b2ffc-48fb-4087-bc75-c44184e7fa07","proxy":"","validate":true}],"accepted":"true","save":true}' https://localhost:8089/services/update_phantom_config?output_mode=json
With the assumption that you already installed the Splunk Phantom App and assign the phantom permissions to the admin user.
... View more