Skip to main content

Authentication

In this module, we'll explore how to obtain and use Bearer tokens on REST API endpoints that require authentication.

For the sample REST server, you'll need to obtain a Bearer token from the /login endpoint before providing it to any of the private endpoints.

Login

important

Run the following command in your terminal window:

curl -X POST http://rest-server/login -H 'Content-Type: application/json' -d '{"username":"admin","password":"password"}'

You'll see a result similar to the following:

{"token":"eyJhbG...long Bearer token here...7Fmo46f6k02ZAg"}

To authenticate on the private REST endpoints, you'll need to take the returned value and include it as part of the Authorization header sent to the server. Note: The generated token has a short life, expiring within 5 minutes. If you receive a 401 Unauthorized response, regenerate the token.

important

Copy the value of the token in your terminal response, between the quotes, and paste it in the placeholder for the next example.

E.g. replace <paste_token_here> with eyJhbG...long Bearer token here...7Fmo46f6k02ZAg

Run the following command in your terminal window:

curl -H "Authorization: Bearer <paste_token_here>" http://rest-server/private/test

If the token was accepted, you'll see the following output:

Success!

Below, we show a faster way to run this command. Here, we make a sub call $(curl ...) to obtain the token before running the outer curl command. By piping the output of curl to jq, we can obtain the token. The -r flag instructs jq to output raw text.

note

Run the following command in your terminal window:

curl -H "Authorization: Bearer $(curl -s -X POST http://rest-server/login -H 'Content-Type: application/json' -d '{"username":"admin","password":"password"}' | jq -r .token)" http://rest-server/private/test

Configure Cribl Stream to Collect from an Authenticated Endpoint

important

If necessary, navigate back to the REST Collector Source page. From the top nav of your Cribl Stream Sandbox, select Manage > Data > Sources, then select Collectors > REST from the Data Sources page's tiles. Click Add Collector to open the REST > Add Collector modal, which provides the following options and fields.

  1. In the Collector ID field, enter secure_collection.

  2. Copy the following URL to the Collect URL field:

    'http://rest-server/private/array'

  3. Expand the Authentication section accordion.

  4. Among the resulting Authentication option buttons, select Login. This exposes several new fields.

  5. Configure the Authentication parameters with the following settings:

    ParameterValue
    Login URL'http://rest-server/login'
    Usernameadmin
    Passwordpassword
    POST Body`{ "username": "${username}", "password": "${password}" }`
    Token Attributetoken
    Authorize Expression`Bearer ${token}`

  6. At the bottom left, click ► Save & Run. In the Run configuration modal, click Run again.

The Preview modal should display a single event containing 5 items in an array.

When you configure a REST Collector's Authentication settings, as in this module, Cribl Stream automatically adds the value of the Authorize Expression to the Authentication header for all subsequent calls (e.g., Discover and Collect).

Conclusion

Now you know how to automatically obtain a Bearer token from an endpoint, and use it during data discovery and collection!

In the next module, you'll explore how to apply Event Breaking to data in a JSON array.