Authentication and Authorization

Username and password authentication is required for access to endpoints and REST operations. You must have the edit_threat_intel_collections capability to use the threat intelligence endpoints.

Username and password authentication is used in the examples that follow.

Splunk Cloud Platform URL for REST API access

Splunk Cloud Platform has a different host and management port syntax than Splunk Enterprise. Depending on your deployment type, use one of the following options to access REST API resources.

Splunk Cloud Platform deployments

https://<deployment-name>.splunkcloud.com:8089

To get the required credentials, submit a support case on the Support Portal. After installing the credentials, use the following URL.

https://input-<deployment-name>.splunkcloud.com:8089

See Using the REST API in Splunk Cloud Platform in the the Splunk REST API Tutorials for more information.