Splunk Dev
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Does Splunk supports OAuth for REST API ?

vallabhk
Engager
‎01-19-2022 07:23 AM

Could you help us in confirming whether Splunk REST APIs supports OAuth authentication apart from the existing basic authentication(username/password) and authentication tokens(link). ? We see a lot of customers enquiring about it. 

Also, is it mandatory to always use an authentication token mechanism for a service account in Splunk or can we use a username/password as well ?

@sloshburch 

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

murenkot
Splunk Employee
Splunk Employee
‎01-23-2022 01:08 PM

Splunk REST APIs don't support OAuth authentication.  But maybe this solution with a web server or LDAP will help you: https://community.splunk.com/t5/Security/Does-Splunk-support-oAuth-2-0-single-sign-on/m-p/292745/hig... 

You can use a username/password for a Service Account but you'll need to give the Service Account access to read the information you want Splunk to be able to collect/access. It only needs read rights. 

You can find examples of how to use username/password in requests here: https://docs.splunk.com/Documentation/Splunk/latest/RESTUM/RESTusing

or you can use authentification with Python script and use a session key in your requests: https://docs.splunk.com/Documentation/Splunk/8.2.4/RESTTUT/RESTsearches

View solution in original post

Reply
Solved! Jump to solution
Solution

murenkot
Splunk Employee
Splunk Employee
‎01-23-2022 01:08 PM

Splunk REST APIs don't support OAuth authentication.  But maybe this solution with a web server or LDAP will help you: https://community.splunk.com/t5/Security/Does-Splunk-support-oAuth-2-0-single-sign-on/m-p/292745/hig... 

You can use a username/password for a Service Account but you'll need to give the Service Account access to read the information you want Splunk to be able to collect/access. It only needs read rights. 

You can find examples of how to use username/password in requests here: https://docs.splunk.com/Documentation/Splunk/latest/RESTUM/RESTusing

or you can use authentification with Python script and use a session key in your requests: https://docs.splunk.com/Documentation/Splunk/8.2.4/RESTTUT/RESTsearches

Reply
Get Updates on the Splunk Community!

SOC Modernization: How Automation and Splunk SOAR are Shaping the Next-Gen Security ...

Security automation is no longer a luxury but a necessity. Join us to learn how Splunk ES and SOAR empower ...

Ask It, Fix It: Faster Investigations with AI Assistant in Observability Cloud

  Join us in this Tech Talk and learn about the recently launched AI Assistant in Observability Cloud. With ...

Index This | How many sides does a circle have?

  March 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...