HTTP API Collector
Collect from REST APIs
The HTTP API collector allows you to collect from arbitrary REST APIs while using authentication. Additionally, the API collector supports paginated APIs via go templating.
Configuration Parameters
General
Advanced
OAuth2
Go Templating
One of the main benefits of the HTTP API collector is the ability to perform custom logic on top of the HTTP API Collection that you are performing. For example, you can use the next_url_template to continue scanning a paginated API or you can add a custom loop for check a series of offsets A helpful list of go template commands can be found here: (http://masterminds.github.io/sprig/)
Tips and Tricks
When performing a pull from an API for the first time, the exploration of format of the API response is best done with curl or the API documentation.
Example of Okta Syslog Log API
The following is an example of Okta System Log Response, a paginated API and how to use the HTTP API templating to continue through the records
https://developer.okta.com/docs/reference/api/system-log/
The response is a JSON array with objects inside. We need to send these objects independently through Calyptia Core pipelines so we will also enable the Split Records feature to true
Advanced Configuration within Calyptia Core Pipeline
Next URL Template
https://developer.okta.com/docs/reference/api/system-log/#next-link-response-header
The Next URL Template is a go-template that is used to build a new URL. In this case, the Okta API recommends using the response header Link rel=next
to know which URL to use to advance to the next page. nextLink
is a header function within go templates that takes that rel=next
from the headers.
Split Records
As the response is a JSON array we want to split this into multiple records allowing us to perform processing on each one indepedently. To do this we use the template function toRawJSON
function.
Stop Template
This parameter is used to tell the Calyptia Core pipeline when to stop fetching new fata. In this case we plan to continue tailing throughout time so we can pass a boolean value of false
but we could also pass a go-template such as {{empty (nextLink .header)}}
which would stop when a Link rel=next
is no longer visible in the headers
Additional Go Template resources
Last updated