HTTP Notification - API KEY

dieguinsss · February 15, 2023, 2:37pm

Before you post: Your responses to these questions will help the community help you. Please complete this template if you’re asking a support question.
Don’t forget to select tags to help index your topic!

1. Describe your incident:

Hello,
We are working with Graylog5 and I’d like to setting up Alerts with HTTP Notification linked to our API in AWS.

It works fine without API KEY but when I configure it (api key) in Graylog Notification, it response " Error: Expected successful HTTP response [2xx] but got [403].".

I don’t know if it need a specific name for “api key”…

I tested the API with postman and curl from instance where the graylog server is and it worked fine.

2. Describe your environment:

OS Information:
Graylog 5
Ubuntu
AWS

gsmith · February 15, 2023, 10:20pm

Hello ,

Can you show you configurations?
Just checking, Looks like both of these need to be set.

If an API secret is set, an API key must also be set.
And
If an API key is set, an API secret must also be set.

dieguinsss · February 16, 2023, 12:29pm

Hi @gsmith,
Yes, you can. I attached a screenshot below.

patrickmann · February 16, 2023, 12:54pm

HTTP Notification sends the API key as a query parameter. I think AWS is expecting it as a header.

I filed an issue for this: HTTP Notification: support API key as header (in addition to query string) · Issue #14691 · Graylog2/graylog2-server · GitHub

dieguinsss · February 16, 2023, 9:37pm

Hi Patrick,
But It does not make sense that Graylog send api-keys as query parameter…
That is not secure…

patrickmann · February 17, 2023, 3:45am

Only via https

Gesendet von Outlook für Android

dieguinsss · February 17, 2023, 12:20pm

I don’t know what you mean in your last comment…

patrickmann · February 17, 2023, 1:13pm

You are right, security of API-keys is a bit more involved.

When sending via SSL, the query string is also encrypted. In that sense it isn’t any less secure than putting the key in a header. But URLs may get logged or passed as referrer headers, exposing the key. Headers are better in that regard.

API-Keys shouldn’t be used for authentication anyway. Here is a pretty good discussion:

https://cloud.google.com/docs/authentication/api-keys

Google cloud APIs accept API keys both in the query string and as a header parameter. Unfortunately, AWS only supports header parameter.

system · March 3, 2023, 1:13pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Graylog and https and cert Graylog Central (peer support)	5	973	April 28, 2021
Can someone help me with the HTTPS configuration using Apache for API access so Sidecar can use the API over HTTPS? Graylog Central (peer support) sidecar	14	612	April 15, 2020
[Feature Request] - HTTP notification - Disable SSL Verification Graylog Central (peer support) alert	5	664	July 12, 2022
Graylog 3.1 with nginx https - api browser not work Graylog Central (peer support)	6	1291	November 28, 2019
Securing graylog Graylog Central (peer support)	18	2099	September 12, 2018

HTTP Notification - API KEY

Related Topics