Documentation > Splunk > Developing Dashboards, Views, and Apps for Splunk Web > Get an auth token

Developing Dashboards, Views, and Apps for Splunk Web

 


Overview
Build dashboards
Build forms
Build advanced views
Customize Splunk Web
Build apps
Extend Splunk
View reference material
Custom charting configuration reference

Get an auth token

This documentation does not apply to the most recent version of Splunk. Click here for the latest version.

Contents

Get an auth token

Before you do anything else with Splunk's REST API you must authenticate. You can use HTTP auth right in your request, but this is not scalable beyond one-off requests against Splunk's API. So if you're writing some code that will be making multiple requests to the REST API, get an auth token first, and then use this auth token for the rest of your requests.

Use your user credentials as you've set them up. By default the username is admin and the password is changeme.

Note: Starting in 4.1.4, remote login access via the REST API is disabled by default for the admin user until you have changed the default password.

Splunk's authentication endpoint is available at: 

https://<host:port>/services/auth/login

So either build an authentication request into your custom code (see the Python and Ruby examples). Or just run a request from the command line: 

curl -u admin:changeme -k https://localhost:8089/services/auth/login/ -d"username=admin&password=changeme"
<response>
<sessionKey>30774f9d502004b5c655c08b5362bdca</sessionKey>

Ruby example

Here's an example of getting an auth token in Ruby: 

require 'net/https'
require 'rubygems'
require 'hpricot'

class SplunkClient
  HOST = 'localhost'
  PORT = 8089
  USER = 'admin'
  PASSWORD = 'changeme'

  def splunk_ssl_post_request(path, data = nil, headers = nil)
    http = Net::HTTP.new(HOST, PORT)
    http.use_ssl = true
    http.verify_mode = OpenSSL::SSL::VERIFY_NONE
    http.post(path, data, headers).body
  end

  def session_key
    @session_key ||= load_session_key
  end
...

Then, you can go use the session key in all your subsequent requests.

Python example

Here's an example of doing the same thing with Python: 

import urllib
import httplib2
from xml.dom import minidom

baseurl = 'https://localhost:8089'
userName = 'admin'
password = 'changeme'

serverContent = httplib2.Http().request(baseurl + '/services/auth/login',
    'POST', headers={}, body=urllib.urlencode({'username':userName, 'password':password}))[1]

sessionKey = minidom.parseString(serverContent).getElementsByTagName('sessionKey')[0].childNodes[0].nodeValue
...
Retrieved from "http://docs.splunk.com/Documentation/Splunk/4.1/Developer/RESTAuthToken"

This documentation applies to the following versions of Splunk: 4.1 , 4.1.1 , 4.1.2 , 4.1.3 , 4.1.4 , 4.1.5 , 4.1.6 , 4.1.7 , 4.1.8 View the Article History for its revisions.


Comments

Here's a slightly more robust Python example:

#!/usr/bin/env python
import urllib
import httplib2
from xml.dom import minidom

baseurl = 'https://localhost:8089'
userName = 'admin'
password = 'changeme'


serverResponse = httplib2.Http().request( baseurl + '/services/auth/login', 'POST', headers={}, body=urllib.urlencode( { 'username':username, 'password':password } ) )

if not serverResponse[0]['status'] == '200':
raise Exception, serverResponse[1]

sessionKey = minidom.parseString(serverResponse[1]).getElementsByTagName('sessionKey')[0].childNodes[0].nodeValue

Gregoryba
September 16, 2010

You must be logged into splunk.com in order to post comments. Log in now.

Was this documentation topic helpful?

If you'd like to hear back from us, please provide your email address:

We'd love to hear what you think about this topic or the documentation as a whole. Feedback you enter here will be delivered to the documentation team.

Feedback submitted, thanks!