in this article we’ll show how you a step-by-step approach to performing an OAuth authentication when developing in the Splunk Add-on Builder.

In a previous post we introduced the GlowStick Zigbee CAD, a device that collects your smart meter data and makes it available to you via an API.

Understand the Journey

The API you are trying to code against should of course have documentation, perhaps even “curl” examples of how to perform the OAuth journey. Read this and try out the “curl” examples with your credentials., make sure you can see that a token is returned in the response.

Use Postman

Postman is an API platform for building and using APIs. One key feature is that it will generate the code required to call the API that you are coding against. Through the user interface you can add the URI of the API, any headers required and the payload.

Screenshot showing the OAuth API call in Postman
Setup your OAuth call in Postman

As indicated above, we can use Postman to provide code that makes the API call. There are various language and library options available, for the purposes of Splunk Add-on development we will use the Python – Requests library. Clicking on the “Code” link as shown in the screenshot above provides the code, as shown below.

Postman Code Screen showing the code required to make the API call using Python Requests
Postman Code Screen showing how to call the API using Python – Requests

Use Add-on Builder to Create the App

Use the Splunk Add-on Builder to create your app. To get started click “New Add-on”:

Screenshot of the Splunk Add-on builder showing the New Add-on option
Splunk Add-on Builder – Create New Add-on

Create Data Input

The next step is to start the setup of a data input. You will need to know the parameters required to complete the OAuth authentication along with any other parameters required to fetch the data once the authentiation is complete. This may be as straightforward as a a client_id and secret but some scenarios may require more. By completing step 1 “Understand the Journey” you should already have an understanding of this.

  • Click “Configure Data Collection”
  • On the “Data Input Properties” tab:
    • Click “New Input”
    • Click “Modular input using my Python code”
    • Supply values for the data input properties:
      • Source type name = the splunk sourcetype of the data the input will collect
        • example = glowmarkt:electricity:current
      • Input Display Name = The display name of the input within the Add-on
        • example = Electricity Consumption
      • Input Name = the internal name of the input
        • example = electricity_consumption
      • Description = a description for the input
      • Collection Interval = how frequently to collect data
        • Example = 30 seconds (make the API call to collect data every 30 seconds)
    • On the “Data Input Properties” tab
      • This is where you will configure the parameters that the end user of the add-on will enter. The “Global Account” allows you to setup a username/password (or client_id/secret in OAuth context) that can be used by all inputs configured in the add on
      • Parameters that are required per input are also added here
        • for the glowmarkt API we require an applicationId and a resourceId to make the data call
        • drag a text input over to setup an input parameter for the API call, one to reuest the applicationId and another to request the resourceId
        • drag over the Global Account option to add a drop down so that the user can select which Global Account to use
    • Click Next

Supply the Code

Replace the supplied python code with the following:

import os
import sys
import time
import datetime
import json
import utils.auth as rauth
import utils.utils as utils
def validate_input(helper, definition):
def collect_events(helper, ew):

Now we need to add some code into the correct directory within the Add-on:

  • Create a directory: ${SPLUNK_HOME}/etc/apps/<TA-NAME>/bin/utils
  • In the new directory create an empty file:

The file is where we will perform the OAuth authentication and retreive the token to be used on the subsequent call to collect the data.

  • In the utils directory, create another file :
    • in we will create a method get_access_token that will perform the Oauth and return the access token
    • in this get_access_token method you will need to codespecifically againt the OAuth endpoint for your scenario
    • the code we generated in the “Use Postman” section will help here
    • note that this API needs the username and password in a specific format
# encoding = utf-8
import sys
import json
import requests

def get_access_token(username, password, application_id):
    url = ""
    payload="{\"username\": \"%s\", \n\"password\": \"%s\"\n}"%(username,password)
    headers = {
        'Content-Type': 'application/json',
        'applicationId': application_id
        response =, headers=headers,data=payload).json()
        return response['token']
    except Exception as e:
            raise e

Now we create another file, The code in this file will call the API to retrieve the data. You could use Postman again to help ensure you have the correct headers and to check out what the response looks like.

# encoding = utf-8
import sys
import json
import requests

def get_items(helper, access_token, url, applicationId):
    header = {'Content-Type': 'application/json',
    'token': access_token,
    'applicationId': applicationId}

        r = requests.get(url, headers=header)
        response_json = json.loads(r.content)
    except Exception as e:
        raise e

    return response_json

Back to the Builder

Switch back to the Add-on Builder and click on Add-On Setup Parameters.

  • Supply the username and password (client_id, secret) required to make the OAuth call
  • Click on the Data Input parameters and supply any parameters you defined as required

Now we need to supply the code for the collect_events method we can see in the Add-on builder Code Editor:

import os
import sys
import time
import datetime
import json
import utils.auth as rauth
import utils.utils as utils
def validate_input(helper, definition):
def collect_events(helper, ew):
    global_account = helper.get_arg("global_account")
    username = global_account["username"]
    password = global_account["password"]
    applicationid = helper.get_arg("applicationid")
    resourceid = helper.get_arg("resourceid")
    access_token = rauth.get_access_token(username, password, applicationid)
        helper.log_debug("Calling glowmarkt API")
        url = "" % (resourceid)
        electricity_reading = utils.get_items(helper, access_token, url, applicationid)
        event = helper.new_event(

        raise RuntimeError("Unable to obtain access token. Please check the username, password and applicationId")

Hit Save then Test. If everything is in place then you should see the JSON output of the API call in the right hand side. Congratulations on coding an OAuth journey with the Splunk Add-on Builder!

Validate your Add-on

There are more inputs to add to this add-on but we are going to skip to the end for now. Prior to uploading to Splunkbase you should validate your add-on. Even if you don’t plan to upload to Splunkbase it’s a good time to check that everything is in order.

As you can see below the Add-on passed validation with one single warning about their being no events. We haven’t setup any inputs in the actual add-on, the reason for this is so that the downloaded package doesn’t contain any user config.

Screenshot of the Add-on builder validating the Glowmarkt Add-on
Add-on Builder Validate Package Screen

Finally you can click on the “Download Package” button to get your newly created app and share it with your friends!

Credits and Thanks

In 2019 I was fortunate to be invited to and attend the Splunk Partner Technical Symposium in Berlin. Splunk had arranged for a number of great speakers to give proper deep dive technical talks on a variety of subjects. One of these talks explained how to perform an OAuth authentication while using the add-on builder to generate a new add-on. Many thanks to Jason Conger for this session. You can access his notes and code on github here.

For 2021 we’ve committed to posting a new Splunk tip every week!

If you want to keep up to date on tips like the one above then sign up below:

Subscribe to our newsletter to receive regular updates from iDelta, including news and updates, information on upcoming events, and Splunk tips and tricks from our team of experts. You can also find us on Twitter and LinkedIn.


* indicates required
Posted by:Stuart Robertson

Stuart Robertson is the Consulting Director at iDelta. He is one of the initial founders of iDelta and has worked there since formation in 2001. Stuart holds various certifications in Core Splunk and ITSI. Stuart also holds a Bsc(Hons) in Computing Science from the University of Glasgow.