Splunk Dev

Does Splunk supports OAuth for REST API ?

vallabhk
Engager

Could you help us in confirming whether Splunk REST APIs supports OAuth authentication apart from the existing basic authentication(username/password) and authentication tokens(link). ? We see a lot of customers enquiring about it. 

Also, is it mandatory to always use an authentication token mechanism for a service account in Splunk or can we use a username/password as well ?

@sloshburch 

Labels (1)
0 Karma
1 Solution

murenkot
Splunk Employee
Splunk Employee

Splunk REST APIs don't support OAuth authentication.  But maybe this solution with a web server or LDAP will help you: https://community.splunk.com/t5/Security/Does-Splunk-support-oAuth-2-0-single-sign-on/m-p/292745/hig... 

You can use a username/password for a Service Account but you'll need to give the Service Account access to read the information you want Splunk to be able to collect/access. It only needs read rights. 

You can find examples of how to use username/password in requests here: https://docs.splunk.com/Documentation/Splunk/latest/RESTUM/RESTusing

or you can use authentification with Python script and use a session key in your requests: https://docs.splunk.com/Documentation/Splunk/8.2.4/RESTTUT/RESTsearches

View solution in original post

murenkot
Splunk Employee
Splunk Employee

Splunk REST APIs don't support OAuth authentication.  But maybe this solution with a web server or LDAP will help you: https://community.splunk.com/t5/Security/Does-Splunk-support-oAuth-2-0-single-sign-on/m-p/292745/hig... 

You can use a username/password for a Service Account but you'll need to give the Service Account access to read the information you want Splunk to be able to collect/access. It only needs read rights. 

You can find examples of how to use username/password in requests here: https://docs.splunk.com/Documentation/Splunk/latest/RESTUM/RESTusing

or you can use authentification with Python script and use a session key in your requests: https://docs.splunk.com/Documentation/Splunk/8.2.4/RESTTUT/RESTsearches

Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In the last month, the Splunk Threat Research Team (STRT) has had 2 releases of new security content via the ...

Announcing the 1st Round Champion’s Tribute Winners of the Great Resilience Quest

We are happy to announce the 20 lucky questers who are selected to be the first round of Champion's Tribute ...

We’ve Got Education Validation!

Are you feeling it? All the career-boosting benefits of up-skilling with Splunk? It’s not just a feeling, it's ...