HTTP Notification - API KEY

Before you post: Your responses to these questions will help the community help you. Please complete this template if you’re asking a support question.
Don’t forget to select tags to help index your topic!

1. Describe your incident:

We are working with Graylog5 and I’d like to setting up Alerts with HTTP Notification linked to our API in AWS.

It works fine without API KEY but when I configure it (api key) in Graylog Notification, it response " Error: Expected successful HTTP response [2xx] but got [403].".

I don’t know if it need a specific name for “api key”…

I tested the API with postman and curl from instance where the graylog server is and it worked fine.

2. Describe your environment:

  • OS Information:
  • Graylog 5
  • Ubuntu
  • AWS

Hello ,

Can you show you configurations?
Just checking, Looks like both of these need to be set.

If an API secret is set, an API key must also be set.
If an API key is set, an API secret must also be set.

Hi @gsmith,
Yes, you can. I attached a screenshot below.

HTTP Notification sends the API key as a query parameter. I think AWS is expecting it as a header.

I filed an issue for this: HTTP Notification: support API key as header (in addition to query string) · Issue #14691 · Graylog2/graylog2-server · GitHub

Hi Patrick,
But It does not make sense that Graylog send api-keys as query parameter…
That is not secure…

Only via https

Gesendet von Outlook für Android

I don’t know what you mean in your last comment…

You are right, security of API-keys is a bit more involved.

When sending via SSL, the query string is also encrypted. In that sense it isn’t any less secure than putting the key in a header. But URLs may get logged or passed as referrer headers, exposing the key. Headers are better in that regard.

API-Keys shouldn’t be used for authentication anyway. Here is a pretty good discussion:

Google cloud APIs accept API keys both in the query string and as a header parameter. Unfortunately, AWS only supports header parameter.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.