.conf25 registration is now open!Register today

 Splunk AppInspect API endpoint reference

Use the Splunk AppInspect API to validate your Splunk app during the development process. After authenticating with the Splunk API server, use the Splunk AppInspect API to send REST requests to the Splunk AppInspect web service.

  • To learn how to use the Splunk AppInspect API, see Use the Splunk AppInspect API.
  • To see the Splunk AppInspect API in an interactive Swagger UI, see the Splunk AppInspect API on Flasgger.

 Authentication

To obtain an authentication token, send a GET request to the /2.0/rest/login/splunk endpoint on api.splunk.com. The JSON response contains the token assigned to the token key.

 GET /2.0/rest/login/splunk

https://api.splunk.com/2.0/rest/login/splunk

 Description

Provides access to api.splunk.com to obtain a JSON Web Token (JWT) using basic authentication.

HTTP method: GET

Authentication: Basic authentication

Response codes: 200 (Success), 401 (Bad request)

 GET /2.0/rest/login/splunk method detail

 Response keys
KeyDescription
status_codeAn HTTP response code. The returned code is 200 (Success) or 401 (Bad request).
statusThe status of the request.
msgA detailed description of the request status.
dataA JSON object containing both the token and user information.

 Examples

 Basic auth request
import requests
from requests.auth import HTTPBasicAuth
uri = "https://api.splunk.com/2.0/rest/login/splunk"
response = requests.get(uri, auth=HTTPBasicAuth("myuser", "mypassword"))
user_token = response.json().get("data").get("token")
print(user_token)
 JSON response
JSON
{
    "status_code": 200,
    "status": "success",
    "msg": "Successfully authenticated user and assigned a token",
    "data": {
        "token": "<auth_token>",
        "user": {
            "name": "SPLUNK USER",
...

 Splunk AppInspect API

To use the Splunk AppInspect API:

  1. Send the Splunk app package in a POST request to the /v1/app/validate endpoint on appinspect.splunk.com.

    The JSON response contains the request ID.

  2. Send the request ID in a GET request to the /v1/app/validate/status/{request_id} endpoint on appinspect.splunk.com.

    The JSON response contains a detailed report of the checks run and their results.

In the examples, replace <auth_token> with your authorization token, and <app_package> with the filename of the Splunk app package (a .tgz or .tar.gz file).

 POST /v1/app/validate

https://appinspect.splunk.com/v1/app/validate

 Description

Submits a Splunk app to be validated against default Splunk AppInspect criteria.

HTTP method: POST

Authentication: Bearer token (JWT) obtained from splunk.com.

Parameters:

ParameterTypeDescription
included_tagsstringTags to be passed as comma-separated values in a string as validation arguments to Splunk AppInspect.
excluded_tagsstringTags to be passed as comma-separated values in a string as validation arguments to Splunk AppInspect.
included_tags_arrarrayTags to be passed as array values as validation arguments to Splunk AppInspect.
excluded_tags_arrarrayTags to be passed as array values validation arguments to Splunk AppInspect.
app_packagefileRequired. An app package with one of the following extensions: .gz, .tgz, .zip, or .spl.

Response codes: 200 (Success), 401 (Unauthorized), 422 (Invalid parameters)

 Examples

 Basic request

cURL

curl https://appinspect.splunk.com/v1/app/validate
   -H "Authorization: Bearer <auth_token>" \
   -F app_package=<app_package>

Python

import os
import requests
from requests_toolbelt.multipart.encoder import MultipartEncoder
url = "https://appinspect.splunk.com/v1/app/validate"
file_path = "<full_path_to_file>"
user_token="<auth_token>"
app_name = os.path.basename(file_path)
...
 Including and excluding tags and header values

You can explicitly include and exclude tags from a validation by using additional options in your request. Specifically, the included_tags and excluded_tags options use comma-separated format to include and exclude tags from a validation. The included_tags_arr and excluded_tags_arr options use array format to include and exclude tags from a validation. See the Splunk AppInspect tag reference for details.

Info Circle

If you pass both comma-separated and array options, only the array options will be used. For example, if you use both included_tags and included_tags_arr, only included_tags_arr will be used.

See the following examples to learn how to use tags and header values.

cURL

# For tag inclusion/exclusion
curl https://appinspect.splunk.com/v1/app/validate
   -H "Authorization: Bearer <auth_token>" \
   -H "Content-Type: multipart/form-data" \
   -F app_package=<app_package> \
   -F "included_tags=<tag_to_include>" \
   -F "excluded_tags=<tag_to_exclude>"
# For tag inclusion/exclusion using array parameters
curl https://appinspect.splunk.com/v1/app/validate
   -H "Authorization: Bearer <auth_token>" \
   -H "Content-Type: multipart/form-data" \
   -F app_package=<app_package> \
   -F "included_tags_arr=<tag_to_include_1>" \
   -F "included_tags_arr=<tag_to_include_2>" \
   -F "excluded_tags_arr=<tag_to_exclude_1>" \
   -F "excluded_tags_arr=<tag_to_exclude_2>"

Python

import os
import requests
from requests_toolbelt.multipart.encoder import MultipartEncoder
url = "https://appinspect.splunk.com/v1/app/validate"
file_path = "<full_path_to_file>"
user_token="<auth_token>"
app_name = os.path.basename(file_path)
...

 GET /v1/app/validate/status/{request_id}

https://appinspect.splunk.com/v1/app/validate/status/{request_id}

 Description

Returns the status of an in-process request using the value of request_id that is returned from an initial validation request to the /v1/app/validate endpoint.

Once the request is complete, this endpoint returns information for a limited time. The app information in info might change if multiple apps are submitted at once. For the full report, use the /report/{request_id} endpoint.

HTTP method: GET

Authentication: Bearer token (JWT) obtained from splunk.com

Parameters:

ParameterTypeDescription
request_idstringRequired. The request ID.
included_tagsstringOptional. Used for filtering the check results. If the parameter is omitted then the included_tags or included_tags_arr specified at app submission (if any) will be used.
excluded_tagsstringOptional. Used for filtering the check results. If the parameter is omitted then the excluded_tags or excluded_tags_arr specified at app submission (if any) will be used.
included_tags_arrarrayOptional. Used for filtering the check results. If the parameter is omitted then the included_tags or included_tags_arr specified at app submission (if any) will be used.
excluded_tags_arrarrayOptional. Used for filtering the check results. If the parameter is omitted then the excluded_tags or excluded_tags_arr specified at app submission (if any) will be used.

Response codes: 200 (Success), 401 (Unauthorized), 403 (Forbidden or not found)

 GET /v1/app/validate/status/{request_id} method detail

 Response keys
KeyDescription
request_id An alphanumeric string that uniquely identifies this request.
statusStatus takes the form of PROCESSING, SUCCESS, or ERROR.

 Examples

 JSON response
JSON
{
 "request_id": "your_request_id_here",
 "status": "PROCESSING"
}

 GET /v1/app/report/{request_id}

https://appinspect.splunk.com/v1/app/report/{request_id}

 Description

Returns the report data for a given request. The report endpoint returns an HTTP status code 404 (Not found) until validation of the app is complete.

HTTP method: GET

Authentication: Bearer token (JWT) obtained from splunk.com

Parameters:

ParameterTypeDescription
request_idstringRequired. The request ID.
included_tagsstringOptional. Used for filtering the check results. If the parameter is omitted then the included_tags or included_tags_arr specified at app submission (if any) will be used.
excluded_tagsstringOptional. Used for filtering the check results. If the parameter is omitted then the excluded_tags or excluded_tags_arr specified at app submission (if any) will be used.
included_tags_arrarrayOptional. Used for filtering the check results. If the parameter is omitted then the included_tags or included_tags_arr specified at app submission (if any) will be used.
excluded_tags_arrarrayOptional. Used for filtering the check results. If the parameter is omitted then the excluded_tags or excluded_tags_arr specified at app submission (if any) will be used.

Response codes: 200 (Success), 401 (Unauthorized), 403 (Forbidden or not found)

 Example

 JSON response
JSON
{
  "links": [
    {
      "href": "/v1/app/report/7779ce08-1adf-489f-870a-6c1ea6a47948",
      "rel": "self"
    }
  ],
  "reports": [
...

 GET /v1/info

https://appinspect.splunk.com/v1/info

HTTP method: GET

Authentication: Bearer token (JWT) obtained from Splunk.com

Parameters: No parameters

Response codes: 200 (Success)

 GET /v1/ping

https://appinspect.splunk.com/v1/ping

HTTP method: GET

Authentication: Bearer token (JWT) obtained from splunk.

Parameters: No parameters

Response codes: 200 (Success)

 Errors

All endpoints are secured through the Splunk AppInspect PingFed Integration. Endpoints return a 401 response for failed authorizations.

 No Header

JSON
{
  "code": "authorization_header_missing",
  "description": "Authorization header is expected"
}

 Invalid Token

JSON
{
  "code": "Unauthorized",
  "description": "Failed to authenticate"
}

 Examples

 Get an auth token

 cURL

curl -k -u USERNAME:PASSWORD \
     --url "https://api.splunk.com/2.0/rest/login/splunk"

 Python

import requests
url = "https://api.splunk.com/2.0/rest/login/splunk"
headers = {
    'authorization': "Basic <auth_token>",
    'cache-control': "no-cache"
    }
response = requests.request("GET", url, headers=headers)
print(response.text)

 Validate a package

 cURL

curl
   -X POST \
   -H "Authorization: bearer <auth_token>" \
   -H "Cache-Control: no-cache" \
   -H "Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW" \
   -F "app_package=@testapp.tar.gz" \
   -F "included_tags=cloud" \
   "https://appinspect.splunk.com/v1/app/validate" 

 See also