Splunk® SOAR (Cloud)

REST API Reference for Splunk SOAR (Cloud)

The visual editor for classic playbooks is now removed. Convert your classic playbooks to modern mode. Your classic playbooks will continue to run and you can view and edit them in the SOAR Python code editor.
For details, see:

REST External prompt

External prompts are prompts that are sent to individuals or groups who are not using Splunk SOAR. This is also known as prompt-driven automation.

For prompts to people who use Splunk SOAR (internal prompts), see REST Approval.

REST/external_prompt

GET

Get information about an external prompt, including its message and questions.

Example request

curl -k -u username:password https://localhost/rest/external_prompt/<external prompt id> -G -X GET


Example response
A successful GET will return a JSON formatted list information about the external prompt. 

{
    "due_time": "2024-09-09T19:34:03.210000Z",
    "status": "pending",
    "action_name": "prompt_1",
    "targets": [
        {
            "app_id": 0,
            "assets": [],
            "parameters": [
                {
                    "to": null,
                    "ttl": 30,
                    "message": "msg",
                    "to_role": null,
                    "saml_group": null,
                    "mins_to_act": 30,
                    "secure_link": "https://psaas-cd-stg-marathon.soar.stg.splunkcloud.com/external-prompt/3vnHw1ZYH4G_u_f5w_caTwUPnERlH2PHaNVGDCNoMJY",
                    "saml_required": false,
                    "response_types": [
                        {
                            "prompt": "question1",
                            "options": {
                                "type": "message",
                                "required": true
                            }
                        }
                    ],
                    "external_prompt_id": "3vnHw1ZYH4G_u_f5w_caTwUPnERlH2PHaNVGDCNoMJY"
                }
            ]
        }
    ]
}

POST

Post a response to an external prompt.

Syntax 

curl -k -u username:password https://localhost/rest/external_prompt/<external prompt id>

Request string
An argument string must include the following fields: container_id.

Field Required Type Description
status required String Status of the Approve, deny
type required String When completed via this API, this value is always manual.
action required String When completed via this API, this value is always prompt.
responses required String Answer to the questions asked.
message required String Response to the message asked.

Example request

{"status":"approve",
"type":"manual",
"action":"prompt",
"responses":["response to question 1", "response to question 2"],
"message":"approved"}
Last modified on 20 February, 2025
RESTClustering  

This documentation applies to the following versions of Splunk® SOAR (Cloud): current

Acrobat logo Download manual
Acrobat logo Download this page

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters