Splunk® SOAR (Cloud)

REST API Reference for Splunk SOAR (Cloud)

The classic playbook editor will be deprecated in early 2025. Convert your classic playbooks to modern mode.
After the future removal of the classic playbook editor, your existing classic playbooks will continue to run, However, you will no longer be able to visualize or modify existing classic playbooks.
For details, see:

REST External prompt

External prompts are prompts that are sent to individuals or groups who are not using Splunk SOAR. This is also known as prompt-driven automation.

For prompts to people who use Splunk SOAR (internal prompts), see REST Approval.

REST/external_prompt

GET

Get information about an external prompt, including its message and questions.

Example request

curl -k -u username:password https://localhost/rest/external_prompt/<external prompt id> -G -X GET


Example response
A successful GET will return a JSON formatted list information about the external prompt. 

{
    "due_time": "2024-09-09T19:34:03.210000Z",
    "status": "pending",
    "action_name": "prompt_1",
    "targets": [
        {
            "app_id": 0,
            "assets": [],
            "parameters": [
                {
                    "to": null,
                    "ttl": 30,
                    "message": "msg",
                    "to_role": null,
                    "saml_group": null,
                    "mins_to_act": 30,
                    "secure_link": "https://psaas-cd-stg-marathon.soar.stg.splunkcloud.com/external-prompt/3vnHw1ZYH4G_u_f5w_caTwUPnERlH2PHaNVGDCNoMJY",
                    "saml_required": false,
                    "response_types": [
                        {
                            "prompt": "question1",
                            "options": {
                                "type": "message",
                                "required": true
                            }
                        }
                    ],
                    "external_prompt_id": "3vnHw1ZYH4G_u_f5w_caTwUPnERlH2PHaNVGDCNoMJY"
                }
            ]
        }
    ]
}

POST

Post a response to an external prompt.

Syntax 

curl -k -u username:password https://localhost/rest/external_prompt/<external prompt id>

Request string
An argument string must include the following fields: container_id.

Field Required Type Description
status required String Status of the Approve, deny
type required String When completed via this API, this value is always manual.
action required String When completed via this API, this value is always prompt.
responses required String Answer to the questions asked.
message required String Response to the message asked.

Example request

{"status":"approve",
"type":"manual",
"action":"prompt",
"responses":["response to question 1", "response to question 2"],
"message":"approved"}
Last modified on 06 November, 2024
RESTWarmStandby  

This documentation applies to the following versions of Splunk® SOAR (Cloud): current

Acrobat logo Download manual
Acrobat logo Download this page

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters