Authentication for an API defines who has permission to access secure data or endpoints. This is especially important for APIs sharing sensitive information, APIs that allow end users to make changes, or for companies that charge some cost for accessing data via API. You might want to test ticket-based API authentication when doing the following:
In order to execute this procedure in your environment, the following data, services, or apps are required:
- Splunk Synthetic Monitoring, API Check
Ticket-based authentication is ideal for any scenario where you’re protecting sensitive information, allowing an API to create objects or make changes or if you’re charging
some cost for use of your API. In order to effectively monitor an API that uses ticket-based authentication, you must be able to complete multiple steps and save the ticket or token in a variable that can be reused in future steps. You can make a request with a username and password and some type of specification in the header, then retrieve a token from the system, save that token as a variable and then make another request to an endpoint with that token as a header.