Access requirements and limitations for the Splunk Cloud Platform REST API
After you request access, you can use a limited subset of the Splunk Enterprise REST API endpoints with your Splunk Cloud Platform deployment.
Accessing the Splunk Cloud Platform REST API
You might need to take extra steps to access your Splunk Cloud Platform deployment using the Splunk REST API and SDKs. If necessary, you can get access with one of the following options:
- Use the Admin Config Service (ACS) API search-api/ipallowlists endpoint to add IP addresses to the search-api allow list. For more information about the search-api/ipallowlists endpoint, see Configure IP allow lists for Splunk Cloud Platform.
- Submit a support case requesting access using the Splunk Support Portal. Splunk Support opens port 8089 for REST access. You can specify a range of IP addresses to control who can access the REST API, so make sure your request includes the IP addresses or CIDR ranges that you want access from.
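Because the allow list decides who can reach the REST port, it helps to review the addresses and CIDR ranges before adding them to the search-api allow list or a support case. The following is an added example, not Splunk code. The function name, the breadth thresholds, the non-routable list, and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: prefixes shorter than these are too broad for a REST allow list.
MIN_PREFIX = {4: 16, 6: 48}

# Sources in these ranges are never seen by a cloud-hosted endpoint as-is,
# so listing them is a mistake (the NAT egress address is what matters).
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918 private
    "127.0.0.0/8", "169.254.0.0/16", "100.64.0.0/10",  # loopback, link-local, CGNAT
    "fc00::/7", "fe80::/10", "::1/128",                # IPv6 ULA, link-local, loopback
)]

def review_allowlist(entries):
    """Return (accepted, rejected) for candidate allow list entries.

    accepted: collapsed, sorted CIDR strings.
    rejected: list of (entry, reason) with reason in
              {"invalid", "too-broad", "non-routable"}.
    """
    nets, rejected = [], []
    for raw in entries:
        entry = raw.strip()
        try:
            # strict=True rejects host bits set, e.g. 203.0.113.7/24
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError:
            rejected.append((entry, "invalid"))
            continue
        if net.prefixlen < MIN_PREFIX[net.version]:
            rejected.append((entry, "too-broad"))
        elif any(net.overlaps(r) for r in NON_ROUTABLE):
            rejected.append((entry, "non-routable"))
        else:
            nets.append(net)
    accepted = []
    for version in (4, 6):  # collapse_addresses cannot mix IP versions
        same = [n for n in nets if n.version == version]
        accepted += [str(n) for n in ipaddress.collapse_addresses(same)]
    return accepted, rejected

# Constructed sample input (documentation ranges, not real hosts).
SAMPLE = ["198.51.100.24", "203.0.113.0/25", "203.0.113.128/25",
          "203.0.113.7/24", "0.0.0.0/0", "10.20.0.0/16", "office-vpn"]

if __name__ == "__main__":
    ok, bad = review_allowlist(SAMPLE)
    print("submit:", ok)
    for entry, reason in bad:
        print("fix before submitting:", entry, reason)
```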
Free trial Splunk Cloud Platform accounts cannot access the REST API.
Once you have REST API access, you can make calls with a local account, an LDAP account, or a SAML account. To learn more about setting up authentication with tokens, see Set up authentication with tokens.
Use the following URL for Splunk Cloud Platform deployments:
Provide your own certificate
Optionally, you can provide your own certificate for the API port. To use your own certificate, submit a case using the Splunk Support Portal. You can request your own certificate at the time that you request access to the REST API, or at a later time.
Administrative role limitations
The Splunk Cloud Platform administrative role sc_admin is restricted from performing the following types of tasks using Splunk Web, the command line interface, or the REST API:
- Modifying configuration of deployment servers, client configuration, and distributed components, such as indexers, search heads, and clustering.
- Restarting a Splunk Cloud Platform deployment
- Executing debug commands
- Installing apps and modifying app configurations
REST API access limitations
As a Splunk Cloud Platform user, you can use the REST API to interact with the search tier only. You cannot access other tiers by using the REST API. Splunk Support manages all tiers other than the search tier.
To access endpoints and REST operations, you must authenticate with your username and password.
The following table shows which resource groups are supported in Splunk Cloud Platform:
|Resource group|Description|
|---|---|
|Access control|Authorize and authenticate users.|
|Federated Search|Create, update, and delete definitions for federated providers and federated indexes.|
|Knowledge|Define indexed and searched data configurations.|
|Search|Manage searches and search-generated alerts and view objects.|
Managing knowledge objects
This documentation applies to the following versions of Splunk Cloud Platform™: 8.2.2109, 8.2.2111, 8.2.2112, 8.2.2201 (latest FedRAMP release), 8.2.2202