REST External prompt
External prompts are prompts that are sent to individuals or groups who are not using Splunk SOAR. This is also known as prompt-driven automation.
For prompts to people who use Splunk SOAR (internal prompts), see REST Approval.
REST/external_prompt
GET
Get information about an external prompt, including its message and questions.
Example request
curl -k -u username:password https://localhost/rest/external_prompt/<external prompt id> -G -X GET
{
"due_time": "2024-09-09T19:34:03.210000Z",
"status": "pending",
"action_name": "prompt_1",
"targets": [
{
"app_id": 0,
"assets": [],
"parameters": [
{
"to": null,
"ttl": 30,
"message": "msg",
"to_role": null,
"saml_group": null,
"mins_to_act": 30,
"secure_link": "https://psaas-cd-stg-marathon.soar.stg.splunkcloud.com/external-prompt/3vnHw1ZYH4G_u_f5w_caTwUPnERlH2PHaNVGDCNoMJY",
"saml_required": false,
"response_types": [
{
"prompt": "question1",
"options": {
"type": "message",
"required": true
}
}
],
"external_prompt_id": "3vnHw1ZYH4G_u_f5w_caTwUPnERlH2PHaNVGDCNoMJY"
}
]
}
]
}
POST
Post a response to an external prompt.
Syntax
curl -k -u username:password https://localhost/rest/external_prompt/<external prompt id>
Request string
An argument string must include the following fields:container_id.
| Field | Required | Type | Description |
|---|---|---|---|
| status | required | String | Status of the Approve, deny |
| type | required | String | When completed via this API, this value is always manual.
|
| action | required | String | When completed via this API, this value is always prompt.
|
| responses | required | String | Answer to the questions asked. |
| message | required | String | Response to the message asked. |
Example request
{"status":"approve",
"type":"manual",
"action":"prompt",
"responses":["response to question 1", "response to question 2"],
"message":"approved"}