Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Custom HTTP Notification -> API Secret should not be required if API Key is used #19338

Closed
TimmiORG opened this issue May 14, 2024 · 3 comments
Closed

Custom HTTP Notification -> API Secret should not be required if API Key is used #19338

TimmiORG opened this issue May 14, 2024 · 3 comments
Labels
feature secdev-cycle4 triaged

Comments

@TimmiORG
Copy link

TimmiORG commented May 14, 2024
edited

What?

Currently Graylog requires a API secret in case API key is used.
But the AbuseIPDB API does not require the API secret.
https://docs.abuseipdb.com/#introduction

Please remove the dependency of the API secret so that API Key could be used without it.

Why?

I'm trying to push events via the new custom HTTP notification feature of Graylog 6.0 to AbuseIPdb.com.
https://community.graylog.org/t/graylog-6-custom-http-notification-abuseipdb/32396/3

Your Environment

  • Graylog Version: 6.0.1
  • OpenSearch Version: Elastic Search 7.10.2
  • MongoDB Version: 6.0.15
  • Operating System: Rocky Linux 9.4
  • Browser version: FF 125
@kingzacko1
Copy link
Contributor

Hi there, @TimmiORG. Maybe the intended purpose of the API Key and Secret fields isn't quite clear. The API Key field is intended to be the name of the query parameter or header that the API on the other end is expecting your key to be in while the API Secret field is your actual API key. To take an example from the AbuseIPdb API you've linked:

curl -G https://api.abuseipdb.com/api/v2/check \
  --data-urlencode "ipAddress=118.25.6.39" \
  -d maxAgeInDays=90 \
  -d verbose \
  -H "Key: YOUR_OWN_API_KEY" \
  -H "Accept: application/json"

In this case, your notification API Key field should be set to Key and API Secret would be set to YOUR_OWN_API_KEY. Here is that example shown with a test notification in my Graylog setup with the API Key and Secret sent as a header and as a query param.

image
image

If we were to remove the requirement that they both be provided together, your header/query param would be empty Key: or Key= which I do not think would be useful and I don't think I see any use cases in the documentation you've provided. If it was necessary though, you could simply add the header manually to the Headers field as seen here.
image
Let me know if that makes sense or if I'm missing a valid use case for the empty value in the documentation you've referenced!

@TimmiORG
Copy link
Author

Hi @kingzacko1 ,

thank you very much for the good explanation. This clarifies it very well.
So I guess we can close this ticket than.

@kingzacko1
Copy link
Contributor

@TimmiORG you're welcome! I will go ahead and close this one out. Let us know if you run into any other issues and I'll be happy to take a look!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature secdev-cycle4 triaged
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@TimmiORG @kingzacko1 @rich-graylog