Using XSOAR API Stoplight

pagnihotri — Thu, 03 Oct 2024 20:42:14 GMT

Anyone tried with Stoplight XSOAR 8 API.

I am trying the APIs listed https://cortex-panw.stoplight.io/docs/cortex-xsoar-8/kjn2q21a7yrbm-get-started-with-cortex-xsoar-8-ap-is

However, I am getting 401 Unauthorized on every call.

I have tried generating new API keys with Instance Admin role as well but no luck.

Tried with python, terminal and Postman, still the same.

Re: Using XSOAR API Stoplight

pagnihotri — Mon, 07 Oct 2024 08:57:25 GMT

@benstokes
Thanks for the response.

headers = {
"x-xdr-auth-id": str(<api_key_id>),
"Authorization": ApiKey <api_key>,
"Accept": "application/json"
}

It still fails. Maybe I missing on something else.

Re: Using XSOAR API Stoplight

ctopay — Mon, 07 Oct 2024 12:12:51 GMT

- You need to use the server API URL from the API-keys page.(https://api-{fqdn}/xsoar/public/v1/{endpoint_path})
- Mind this from the docs: 'Choose the type of API Key you want to generate based on your desired security level: Advanced or Standard. The Advanced API key hashes the key using a nonce, a random string, and a timestamp to prevent replay attacks. cURL does not support this but is suitable with scripts. Use the example script to create the advanced API authentication token."

So, test with an std key using curl: curl -X POST https://api-your-xsoar.us.paloaltonetworks.com/api_keys/validate/ -H "x-xdr-auth-id:{api_key_id}" -H "Authorization:{api_key}" -H "Content-Type:application/json" -d '{}'
For an advanced API key:

from datetime import datetime, timezone import secrets import string import hashlib import requests def test_advanced_authentication(api_key_id, api_key): # Generate a 64 bytes random string nonce = "".join([secrets.choice(string.ascii_letters + string.digits) for _ in range(64)]) # Get the current timestamp as milliseconds. timestamp = int(datetime.now(timezone.utc).timestamp()) * 1000 # Generate the auth key: auth_key = "%s%s%s" % (api_key, nonce, timestamp) # Convert to bytes object auth_key = auth_key.encode("utf-8") # Calculate sha256: api_key_hash = hashlib.sha256(auth_key).hexdigest() # Generate HTTP call headers headers = { "x-xdr-timestamp": str(timestamp), "x-xdr-nonce": nonce, "x-xdr-auth-id": str(api_key_id), "Authorization": api_key_hash } parameters = {} res = requests.post(url="https://api-your-xsoar.us.paloaltonetworks.com/api_keys/validate/", headers=headers, json=parameters) return res

Re: Using XSOAR API Stoplight

pagnihotri — Mon, 07 Oct 2024 17:02:40 GMT

@ctopay This works. Thanks

topic Re: Using XSOAR API Stoplight in Cortex XSOAR Discussions

Using XSOAR API Stoplight

Re: Using XSOAR API Stoplight

Re: Using XSOAR API Stoplight

Re: Using XSOAR API Stoplight