Splunk AppInspect API endpoint reference
Use the Splunk AppInspect API to validate your Splunk app during the development process. After authenticating with the Splunk API server, use the Splunk AppInspect API to send REST requests to the Splunk AppInspect web service.
- To learn how to use the Splunk AppInspect API, see Use the Splunk AppInspect API.
- To see the Splunk AppInspect API in an interactive Swagger UI, see the Splunk AppInspect API on Flasgger.
Authentication
To obtain an authentication token, send a GET request to the /2.0/rest/login/splunk endpoint on api.splunk.com. The JSON response contains the token assigned to the token key.
GET /2.0/rest/login/splunk
https://api.splunk.com/2.0/rest/login/splunk
Description
Provides access to api.splunk.com to obtain a JSON Web Token (JWT) using basic authentication.
HTTP method: GET
Authentication: Basic authentication
Response codes: 200 (Success), 401 (Bad request)
GET /2.0/rest/login/splunk method detail
Response keys
| Key | Description |
|---|---|
status_code | An HTTP response code. The returned code is 200 (Success) or 401 (Bad request). |
status | The status of the request. |
msg | A detailed description of the request status. |
data | A JSON object containing both the token and user information. |
Examples
Basic auth request
import requests from requests.auth import HTTPBasicAuth uri = "https://api.splunk.com/2.0/rest/login/splunk" response = requests.get(uri, auth=HTTPBasicAuth("myuser", "mypassword")) user_token = response.json().get("data").get("token") print(user_token)
JSON response
JSON{ "status_code": 200, "status": "success", "msg": "Successfully authenticated user and assigned a token", "data": { "token": "<auth_token>", "user": { "name": "SPLUNK USER",...
Splunk AppInspect API
To use the Splunk AppInspect API:
Send the Splunk app package in a POST request to the /v1/app/validate endpoint on appinspect.splunk.com.
The JSON response contains the request ID.
Send the request ID in a GET request to the /v1/app/validate/status/{request_id} endpoint on appinspect.splunk.com.
The JSON response contains a detailed report of the checks run and their results.
In the examples, replace <auth_token> with your authorization token, and <app_package> with the filename of the Splunk app package (a .tgz or .tar.gz file).
POST /v1/app/validate
https://appinspect.splunk.com/v1/app/validate
Description
Submits a Splunk app to be validated against default Splunk AppInspect criteria.
HTTP method: POST
Authentication: Bearer token (JWT) obtained from splunk.com.
Parameters:
| Parameter | Type | Description |
|---|---|---|
included_tags | string | Tags to be passed as comma-separated values in a string as validation arguments to Splunk AppInspect. |
excluded_tags | string | Tags to be passed as comma-separated values in a string as validation arguments to Splunk AppInspect. |
included_tags_arr | array | Tags to be passed as array values as validation arguments to Splunk AppInspect. |
excluded_tags_arr | array | Tags to be passed as array values validation arguments to Splunk AppInspect. |
app_package | file | Required. An app package with one of the following extensions: .gz, .tgz, .zip, or .spl. |
Response codes: 200 (Success), 401 (Unauthorized), 422 (Invalid parameters)
Examples
Basic request
cURL
curl https://appinspect.splunk.com/v1/app/validate -H "Authorization: Bearer <auth_token>" \ -F app_package=<app_package>
Python
import os import requests from requests_toolbelt.multipart.encoder import MultipartEncoder url = "https://appinspect.splunk.com/v1/app/validate" file_path = "<full_path_to_file>" user_token="<auth_token>" app_name = os.path.basename(file_path)...
Including and excluding tags and header values
You can explicitly include and exclude tags from a validation by using additional options in your request. Specifically, the included_tags and excluded_tags options use comma-separated format to include and exclude tags from a validation. The included_tags_arr and excluded_tags_arr options use array format to include and exclude tags from a validation. See the Splunk AppInspect tag reference for details.
If you pass both comma-separated and array options, only the array options will be used. For example, if you use both
included_tagsandincluded_tags_arr, onlyincluded_tags_arrwill be used.
See the following examples to learn how to use tags and header values.
cURL
# For tag inclusion/exclusion curl https://appinspect.splunk.com/v1/app/validate -H "Authorization: Bearer <auth_token>" \ -H "Content-Type: multipart/form-data" \ -F app_package=<app_package> \ -F "included_tags=<tag_to_include>" \ -F "excluded_tags=<tag_to_exclude>"
# For tag inclusion/exclusion using array parameters curl https://appinspect.splunk.com/v1/app/validate -H "Authorization: Bearer <auth_token>" \ -H "Content-Type: multipart/form-data" \ -F app_package=<app_package> \ -F "included_tags_arr=<tag_to_include_1>" \ -F "included_tags_arr=<tag_to_include_2>" \ -F "excluded_tags_arr=<tag_to_exclude_1>" \ -F "excluded_tags_arr=<tag_to_exclude_2>"
Python
import os import requests from requests_toolbelt.multipart.encoder import MultipartEncoder url = "https://appinspect.splunk.com/v1/app/validate" file_path = "<full_path_to_file>" user_token="<auth_token>" app_name = os.path.basename(file_path)...
GET /v1/app/validate/status/{request_id}
https://appinspect.splunk.com/v1/app/validate/status/{request_id}
Description
Returns the status of an in-process request using the value of request_id that is returned from an initial validation request to the /v1/app/validate endpoint.
Once the request is complete, this endpoint returns information for a limited time. The app information in info might change if multiple apps are submitted at once. For the full report, use the /report/{request_id} endpoint.
HTTP method: GET
Authentication: Bearer token (JWT) obtained from splunk.com
Parameters:
| Parameter | Type | Description |
|---|---|---|
request_id | string | Required. The request ID. |
included_tags | string | Optional. Used for filtering the check results. If the parameter is omitted then the included_tags or included_tags_arr specified at app submission (if any) will be used. |
excluded_tags | string | Optional. Used for filtering the check results. If the parameter is omitted then the excluded_tags or excluded_tags_arr specified at app submission (if any) will be used. |
included_tags_arr | array | Optional. Used for filtering the check results. If the parameter is omitted then the included_tags or included_tags_arr specified at app submission (if any) will be used. |
excluded_tags_arr | array | Optional. Used for filtering the check results. If the parameter is omitted then the excluded_tags or excluded_tags_arr specified at app submission (if any) will be used. |
Response codes: 200 (Success), 401 (Unauthorized), 403 (Forbidden or not found)
GET /v1/app/validate/status/{request_id} method detail
Response keys
| Key | Description |
|---|---|
request_id | An alphanumeric string that uniquely identifies this request. |
status | Status takes the form of PROCESSING, SUCCESS, or ERROR. |
Examples
JSON response
JSON{ "request_id": "your_request_id_here", "status": "PROCESSING" }
GET /v1/app/report/{request_id}
https://appinspect.splunk.com/v1/app/report/{request_id}
Description
Returns the report data for a given request. The report endpoint returns an HTTP status code 404 (Not found) until validation of the app is complete.
HTTP method: GET
Authentication: Bearer token (JWT) obtained from splunk.com
Parameters:
| Parameter | Type | Description |
|---|---|---|
request_id | string | Required. The request ID. |
included_tags | string | Optional. Used for filtering the check results. If the parameter is omitted then the included_tags or included_tags_arr specified at app submission (if any) will be used. |
excluded_tags | string | Optional. Used for filtering the check results. If the parameter is omitted then the excluded_tags or excluded_tags_arr specified at app submission (if any) will be used. |
included_tags_arr | array | Optional. Used for filtering the check results. If the parameter is omitted then the included_tags or included_tags_arr specified at app submission (if any) will be used. |
excluded_tags_arr | array | Optional. Used for filtering the check results. If the parameter is omitted then the excluded_tags or excluded_tags_arr specified at app submission (if any) will be used. |
Response codes: 200 (Success), 401 (Unauthorized), 403 (Forbidden or not found)
Example
JSON response
JSON{ "links": [ { "href": "/v1/app/report/7779ce08-1adf-489f-870a-6c1ea6a47948", "rel": "self" } ], "reports": [...
GET /v1/info
https://appinspect.splunk.com/v1/info
HTTP method: GET
Authentication: Bearer token (JWT) obtained from Splunk.com
Parameters: No parameters
Response codes: 200 (Success)
GET /v1/ping
https://appinspect.splunk.com/v1/ping
HTTP method: GET
Authentication: Bearer token (JWT) obtained from splunk.
Parameters: No parameters
Response codes: 200 (Success)
Errors
All endpoints are secured through the Splunk AppInspect PingFed Integration. Endpoints return a 401 response for failed authorizations.
No Header
JSON{ "code": "authorization_header_missing", "description": "Authorization header is expected" }
Invalid Token
JSON{ "code": "Unauthorized", "description": "Failed to authenticate" }
Examples
Get an auth token
cURL
curl -k -u USERNAME:PASSWORD \ --url "https://api.splunk.com/2.0/rest/login/splunk"
Python
import requests url = "https://api.splunk.com/2.0/rest/login/splunk" headers = { 'authorization': "Basic <auth_token>", 'cache-control': "no-cache" } response = requests.request("GET", url, headers=headers) print(response.text)
Validate a package
cURL
curl -X POST \ -H "Authorization: bearer <auth_token>" \ -H "Cache-Control: no-cache" \ -H "Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW" \ -F "app_package=@testapp.tar.gz" \ -F "included_tags=cloud" \ "https://appinspect.splunk.com/v1/app/validate"