AgentSkillsCN

splunk-auth-tokens

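Create and manage Splunk authentication tokens (JWT) for REST API access. Use it when creating Splunk API tokens, managing the token lifecycle, listing active tokens, or revoking Splunk access. It is triggered when the user mentions Splunk authentication, Splunk tokens, Splunk JWT, Splunk API credentials, or needs to set up programmatic access to the Splunk REST API.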

SKILL.md
--- frontmatter
name: splunk-auth-tokens
description: >
  Create and manage Splunk authentication tokens (JWT) for REST API access. Use this
  skill when creating Splunk API tokens, managing token lifecycle, listing active tokens,
  or revoking Splunk access. Trigger when the user mentions Splunk authentication,
  Splunk tokens, Splunk JWT, Splunk API credentials, or needs to set up programmatic
  access to Splunk REST APIs.

Splunk Authentication Token API

Create and manage authentication tokens (JWT) for accessing Splunk REST APIs. Splunk uses JWT tokens rather than OAuth for API authentication.

When to Use

  • Creating new authentication tokens for API access
  • Listing existing tokens for a user
  • Retrieving token details or status
  • Revoking/deleting tokens
  • Setting up programmatic Splunk access

Authentication

Use Basic Auth or an existing Bearer token to manage tokens:

Authorization: Basic <base64(username:password)>
Authorization: Bearer <existing_token>

Key Endpoints

| Endpoint | Method | Purpose |
|---|---|---|
| /authorization/tokens | GET | List all tokens for the authenticated user |
| /authorization/tokens | POST | Create a new authentication token |
| /authorization/tokens/{token_id} | GET | Get details for a specific token |
| /authorization/tokens/{token_id} | DELETE | Revoke/delete a specific token |

Token Types

  • Static tokens — Long-lived with configurable expiration
  • Ephemeral tokens — Short-lived, auto-expire
  • Interactive tokens — Used by browsers, exchanged for session cookies

Creating Tokens

POST to /authorization/tokens with:

  • name — Human-readable token name
  • audience — Intended audience for the token
  • expires_on — Expiration epoch timestamp (0 = never expires)
  • not_before — Token valid-from epoch timestamp
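The create call above, as an added example (not code from this skill or from Splunk): it builds the POST to /authorization/tokens with Basic auth and output_mode=json, always derives a bounded expires_on instead of the never-expiring 0, and refuses to put Basic credentials on a non-HTTPS URL. The base URL, account name, token name and the 90-day ceiling are assumptions made for illustration.

```python
import base64
import time
import urllib.parse
import urllib.request

MAX_LIFETIME_S = 90 * 24 * 3600  # assumed policy ceiling (90 days), not a Splunk limit


def build_create_token_request(base_url, username, password, name, audience,
                               lifetime_s, not_before=None, now=None):
    """Build (but do not send) the POST /authorization/tokens request."""
    # base_url is the prefix your deployment serves the REST API under
    # (assumption: the page gives only the relative endpoint path).
    if not base_url.lower().startswith("https://"):
        # Basic auth is only base64; never put it on a cleartext connection.
        raise ValueError("base_url must use https")
    if not name or not audience:
        raise ValueError("name and audience are required")
    # expires_on=0 means "never expires", so always derive a bounded value.
    if not 0 < lifetime_s <= MAX_LIFETIME_S:
        raise ValueError("lifetime_s must be between 1 and MAX_LIFETIME_S")
    now = int(time.time()) if now is None else int(now)
    not_before = now if not_before is None else int(not_before)
    form = {
        "name": name,
        "audience": audience,
        "not_before": not_before,
        "expires_on": not_before + int(lifetime_s),
    }
    creds = base64.b64encode(f"{username}:{password}".encode()).decode()
    headers = {"Authorization": f"Basic {creds}",
               "Content-Type": "application/x-www-form-urlencoded"}
    url = base_url.rstrip("/") + "/authorization/tokens?output_mode=json"
    return urllib.request.Request(
        url, data=urllib.parse.urlencode(form).encode(),
        method="POST", headers=headers)


if __name__ == "__main__":
    # Constructed sample values; nothing is sent over the network.
    req = build_create_token_request(
        "https://splunk.example.com:8089/services", "svc_api", "changeme",
        "ci-reader", "ci-pipeline", lifetime_s=3600)
    print(req.get_method(), req.full_url)
```

Send the request with `urllib.request.urlopen(req)` and write the returned token straight to your secret store, since the JWT is only returned at creation time.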

Response Data

Token responses include: id, token (the JWT string — only returned on creation), status, claims (name, audience, subject, expiration, issuer, not_before).

Important Notes

  • The actual JWT token value is only returned at creation time — store it securely
  • Splunk REST APIs do not support OAuth; use these JWT tokens instead
  • Include output_mode=json parameter for JSON responses (default is XML)

API Reference

For complete schema details including all parameters, response fields, and error codes, read references/openapi.yml.