Securing REST API access?

the_wolverine
Champion

Any documentation or examples on how I can secure access via REST API? Specifically, we want to restrict access to GET (no POST) and we want the standard granular access control to indexes, sources, sourcetypes, etc.

I'd also like to restrict access to specific endpoints.

Can this be done?

leomeyerovich
Explorer

It took us a while for Graphistry -- search and rest_properties_get (https://answers.splunk.com/answers/60259/rest-api-permissions-issue.html?utm_source=answers&utm_medi...).

0 Karma

ben_leung
Builder

Is it possible to specify the endpoints you do not want to grant visibility and then not allow access to them?

0 Karma

the_wolverine
Champion

Are there any answers as to how to restrict access to specific endpoints?

0 Karma

ben_leung
Builder

I have a case open with Splunk. Case 325092

0 Karma

the_wolverine
Champion

Is there a way to restrict access to specific endpoints only?

0 Karma

Damien_Dallimor
Ultra Champion

Have a look here :
http://docs.splunk.com/Documentation/Splunk/5.0/admin/authorizeconf

There are 2 specific REST capabilities you can assign to a role :

[capability::rest_properties_get]
        * Required to get information from the services/properties endpoint.

[capability::rest_properties_set]
        * Required to edit the services/properties endpoint.

In Manager :

[screenshot]

ben_leung
Builder

This may be useful for allowing ACCESS to specific roles, but they lose a lot of options in terms of UI access as well since they are just endpoints.

Let's say we disable the set capability, the real concern is that they still have read access. Disabling the get capability is going a little too far in my opinion.

0 Karma

wwheeler4
Engager

Definitely it can be done. I'm not sure about what's involved in setting that up administratively, but our installation requires authentication and access to hit various endpoints.

These pages describe authentication and authorization for the Splunk REST API:

http://docs.splunk.com/Documentation/Splunk/5.0.1/RESTAPI/RESTaccess
http://docs.splunk.com/Documentation/Splunk/5.0.1/RESTAPI/RESTusing#Authentication

Essentially, use auth/login to get the session key, and then pass the session key along in an HTTP header (Authorization request header) to get access to a given endpoint.
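
The login-then-header flow from the answer above, as an added example that is not part of the original thread or Splunk's own code. Assumptions: the host is a placeholder, the login response is a constructed sample of the XML shape `<response><sessionKey>…</sessionKey></response>`, and the header value takes the form `Splunk <sessionKey>`.

```python
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET

# Assumption: placeholder management URL (8089 is Splunk's default management port).
BASE_URL = "https://splunk.example.com:8089"

# Constructed sample of an auth/login response body; the key is not a real one.
SAMPLE_LOGIN_RESPONSE = "<response><sessionKey>CONSTRUCTED-SESSION-KEY</sessionKey></response>"


def _require_https(base_url):
    # Credentials and session keys must never travel over plain HTTP.
    if urllib.parse.urlsplit(base_url).scheme != "https":
        raise ValueError("refusing non-HTTPS Splunk URL: " + base_url)


def build_login_request(base_url, username, password):
    """POST to auth/login with form-encoded credentials."""
    _require_https(base_url)
    body = urllib.parse.urlencode({"username": username, "password": password})
    return urllib.request.Request(
        base_url + "/services/auth/login", data=body.encode(), method="POST")


def parse_session_key(xml_text):
    """Extract <sessionKey> from the login response; fail closed if absent."""
    key = ET.fromstring(xml_text).findtext("sessionKey")
    if not key:
        raise ValueError("login response carried no sessionKey")
    return key


def build_get_request(base_url, endpoint, session_key):
    """Read-only request carrying the key in the Authorization header."""
    _require_https(base_url)
    return urllib.request.Request(
        base_url + endpoint, method="GET",
        headers={"Authorization": "Splunk " + session_key})


if __name__ == "__main__":
    key = parse_session_key(SAMPLE_LOGIN_RESPONSE)
    req = build_get_request(BASE_URL, "/services/properties", key)
    print(req.get_method(), req.full_url, req.get_header("Authorization"))
    # Against a real server, send with urllib.request.urlopen(req);
    # it verifies the TLS certificate by default.
```

What the authenticated request may read is still decided server-side by the capabilities and index restrictions of the role behind the login.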