https://live.paloaltonetworks.com/t5/automation-api-discussions/ioc-upload-401-response/m-p/443905#M2818 <P>Not sure what I did differently but I managed to get past this but now I'm on a 400 error, here are a few examples:&nbsp;</P><LI-CODE lang="markup">b'{"reply": {"err_code": 400, "err_msg": "Bad Request. Got an invalid JSON.", "err_extra": "Invalid control character at: line 1 column 94 (char 93)"}}' b'{"reply": {"err_code": 400, "err_msg": "Bad Request. Got an invalid JSON.", "err_extra": "Expecting value: line 1 column 1 (char 0)"}}'</LI-CODE><P>&nbsp;</P><P>This is an example of the JSON I'm posting, the IOC's are from XDR's sample file in the upload interface:&nbsp;</P><LI-CODE lang="markup">{ "request_data": "192.168.2.1,IP,INFO,Never,Comment string,BAD,C,Malware,Vendor string,GOOD,C\nC:\tmp\risky_script.py,PATH,INFO,Never,Comment string,BAD,C,Malware,Vendorstring,GOOD,C\ncrypto_v.exe,FILENAME,INFO,Never,Comment string,BAD,C,Malware,Vendor string,GOOD,C\nwww.lottery4free.biz,DOMAIN_NAME,INFO,Never,Commentstring,BAD,C,Malware,Vendor string,GOOD,C\n900150983cd24fb0d6963f7d28e17f72,HASH,INFO,Never,Commentstring,BAD,C,Malware,Vendor string,GOOD,C\nba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad,HASH,INFO,Never,Comment string,BAD,C,Malware,Vendor string,GOOD,C\n" }</LI-CODE><P>&nbsp;</P><P>I put this into a JSON validator which said it's good. I've played around with a few variations but haven't had any luck. Does anyone have advice on the JSON formatting expected by the API?&nbsp;</P><P>&nbsp;</P> Wed, 27 Oct 2021 21:02:06 GMT John_Easton 2021-10-27T21:02:06Z https://live.paloaltonetworks.com/t5/automation-api-discussions/ioc-upload-401-response/m-p/443529#M2814 <P>Hello,&nbsp;</P><P>&nbsp;</P><P>I am trying to upload IOC's with this API reference:&nbsp;</P><P><A href="https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-api/cortex-xdr-apis/rule-management/insert-indicator-csv.html#insert-simple-indicators-csv" target="_blank" rel="noopener">Insert Simple Indicators, CSV (paloaltonetworks.com)</A></P><P>&nbsp;</P><P>I'm posting the data with the requests module in python and always get a 401 response for&nbsp;"Unauthorized access. An issue occurred during authentication. This can indicate an incorrect key, id, or other invalid authentication parameters."</P><P>&nbsp;</P><P>&nbsp;</P><LI-CODE lang="python">headers = { 'x-xdr-auth-id': '300', 'authorization': 'APIKEY', 'content-type': 'application/json', } data = '{"request_data": "' + request_data + '"}' response = requests.post('https://api-xxx.paloaltonetworks.com/public_api/v1/indicators/insert_csv/', headers=headers, data=data)</LI-CODE><P>&nbsp;</P><P>&nbsp;</P><P>We have a&nbsp;Pro per Endpoint licence&nbsp;and I am generating an API key with full permissions for testing. I get the&nbsp;{API_KEY_ID} from the ID column after the key is generated.&nbsp;</P><P>&nbsp;</P><P>Any ideas why this is failing?</P><P>&nbsp;</P><P>Thanks,&nbsp;</P><P>John.&nbsp;</P> Tue, 26 Oct 2021 18:21:36 GMT https://live.paloaltonetworks.com/t5/automation-api-discussions/ioc-upload-401-response/m-p/443529#M2814 John_Easton 2021-10-26T18:21:36Z https://live.paloaltonetworks.com/t5/automation-api-discussions/ioc-upload-401-response/m-p/443905#M2818 <P>Not sure what I did differently but I managed to get past this but now I'm on a 400 error, here are a few examples:&nbsp;</P><LI-CODE lang="markup">b'{"reply": {"err_code": 400, "err_msg": "Bad Request. Got an invalid JSON.", "err_extra": "Invalid control character at: line 1 column 94 (char 93)"}}' b'{"reply": {"err_code": 400, "err_msg": "Bad Request. Got an invalid JSON.", "err_extra": "Expecting value: line 1 column 1 (char 0)"}}'</LI-CODE><P>&nbsp;</P><P>This is an example of the JSON I'm posting, the IOC's are from XDR's sample file in the upload interface:&nbsp;</P><LI-CODE lang="markup">{ "request_data": "192.168.2.1,IP,INFO,Never,Comment string,BAD,C,Malware,Vendor string,GOOD,C\nC:\tmp\risky_script.py,PATH,INFO,Never,Comment string,BAD,C,Malware,Vendorstring,GOOD,C\ncrypto_v.exe,FILENAME,INFO,Never,Comment string,BAD,C,Malware,Vendor string,GOOD,C\nwww.lottery4free.biz,DOMAIN_NAME,INFO,Never,Commentstring,BAD,C,Malware,Vendor string,GOOD,C\n900150983cd24fb0d6963f7d28e17f72,HASH,INFO,Never,Commentstring,BAD,C,Malware,Vendor string,GOOD,C\nba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad,HASH,INFO,Never,Comment string,BAD,C,Malware,Vendor string,GOOD,C\n" }</LI-CODE><P>&nbsp;</P><P>I put this into a JSON validator which said it's good. I've played around with a few variations but haven't had any luck. Does anyone have advice on the JSON formatting expected by the API?&nbsp;</P><P>&nbsp;</P> Wed, 27 Oct 2021 21:02:06 GMT https://live.paloaltonetworks.com/t5/automation-api-discussions/ioc-upload-401-response/m-p/443905#M2818 John_Easton 2021-10-27T21:02:06Z https://live.paloaltonetworks.com/t5/automation-api-discussions/ioc-upload-401-response/m-p/444326#M2820 <P>Eventually worked this out with more trial and error.&nbsp;</P><P>&nbsp;</P><P>I had to change the 'data' variable from a string to a dictionary and serialize the JSON in the request.&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><LI-CODE lang="python">data = {"request_data": request_data} response = requests.post('https://api-xxx.paloaltonetworks.com/public_api/v1/indicators/insert_csv/', headers=headers, json=data)</LI-CODE><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>I was also missing the CSV headers, I believe that is what creates these errors:&nbsp;</P><PRE>"err_extra": "Invalid control character</PRE><P>&nbsp;</P> Fri, 29 Oct 2021 13:16:18 GMT https://live.paloaltonetworks.com/t5/automation-api-discussions/ioc-upload-401-response/m-p/444326#M2820 John_Easton 2021-10-29T13:16:18Z