Splunk® SOAR (Cloud)

REST API Reference for Splunk SOAR (Cloud)

The classic playbook editor will be deprecated in early 2025. Convert your classic playbooks to modern mode.
After the future removal of the classic playbook editor, your existing classic playbooks will continue to run, However, you will no longer be able to visualize or modify existing classic playbooks.
For details, see:

REST User Settings

Combination of settings containing PhUser and Profile attributes.

/rest/user_settings

Manage a special serialized user object that contains PhUser and Profile attributes.

Syntax

https://<username>:<password>@<host>/rest/user_settings

Usage
If you're logged in as an administrator or as a regular user when you send a GET request, the server retrieves the active session user and handles the request based on that. This means that you can only view or update your own settings. Only non-automation users can POST to the API.

GET

Get a list of user settings.

Example request
Get a list of administrator user settings.

curl -k -u soar_local_admin:changeme https://localhost/rest/user_settings -G -X GET

Example response
A successful GET will return a JSON formatted list of user settings.

{
	"username": "soar_local_admin",
	"last_name": "",
	"notify_my_reassigned": true,
	"notify_my_expiredsla": true,
	"show_onboarding": false,
	"is_admin": true,
	"password_constraints": "There are no password constraints configured.",
	"local_docs": false,
	"notify_any_closed": false,
	"notify_any_nearsla": false,
	"notify_any_reassigned": false,
	"first_name": "",
	"redirect_onboarding": false,
	"title": null,
	"notify_my_assigned": true,
	"time_zone": "UTC",
	"notify_my_mentions": true,
	"theme": "dark",
	"notify_my_nearsla": true,
	"location": null,
	"display_relative_time": true,
	"type": "normal",
	"email": "root@localhost",
	"notify_any_breachedsla": false
}

The parameters are described in the POST.

POST

Update your own user settings.

Request parameters
An argument string must include the following parameters in the body:

Field Required Type Description
email optional string The user email.
first_name optional string The user's given name.
last_name optional string The user's family name.
title optional string The user's title.
local_docs optional bool Sets the the user's default choice for viewing documentation:
  • false = online - links to docs.splunk.com
  • true = offline - points to a local copy of the docs in PDF format
location optional string Physical location of the user. Usually an office or city location.
notify_my_assigned optional bool Indicates if the user has the notifications check box checked for My Events: "Event or task assigned to me."
notify_my_nearsla optional bool Indicates if the user has the notifications check box checked for My Events: "Event SLA expiring soon."
notify_my_expiredsla optional bool Indicates if the user has the notifications check box checked for My Events: "Event SLA expired."
notify_my_reassigned optional bool Indicates if the user has the notifications check box checked for My Events: "Event reassigned."
notify_my_mentions optional bool Indicates if the user has the notifications check box checked for My Events: "Collaboration notifications."
notify_any_nearsla optional bool Indicates if the user has the notifications check box checked for All Events: "Event SLA expiring soon."
notify_any_breachedsla optional bool Indicates if the user has the notifications check box checked for All Events: "Event SLA expired."
notify_any_reassigned optional bool Indicates if the user has the notifications check box checked for All Events: "Event reassigned."
notify_any_closed optional bool Indicates if the user has the notifications check box checked for All Events: "Event resolved."
password_constraints optional string Indicates if there are password constraints configured.
time_zone optional string Time zone where the user works. See https://en.wikipedia.org/wiki/List_of_tz_database_time_zones for a list of time zones.
theme optional string light or dark
display_relative_time optional bool Indicates if the user has the notifications check box checked for "Display Relative Timestamps."

Example request
Set a new email address and theme by supplying a JSON formatted body.

curl -k -u soar_local_admin:changeme https://localhost/rest/user_settings \
-d '{
	"email": "username@splunk.com",
	"theme": "dark",
	"local_docs": true
}'

Example response
A successful request will result in a success message indicating that the settings are updated.

{
	"message": "Settings updated",
	"success": true
}
Last modified on 06 November, 2024
REST User   REST Search

This documentation applies to the following versions of Splunk® SOAR (Cloud): current


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters