- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
10-03-2024 01:42 PM
Anyone tried with Stoplight XSOAR 8 API.
I am trying the APIs listed https://cortex-panw.stoplight.io/docs/cortex-xsoar-8/kjn2q21a7yrbm-get-started-with-cortex-xsoar-8-a...
However, I am getting 401 Unauthorized on every call.
I have tried generating new API keys with Instance Admin role as well but no luck.
Tried with python, terminal and Postman, still the same.
10-07-2024 05:12 AM
- You need to use the server API URL from the API-keys page.(https://api-{fqdn}/xsoar/public/v1/{endpoint_path})
- Mind this from the docs: 'Choose the type of API Key you want to generate based on your desired security level: Advanced or Standard. The Advanced API key hashes the key using a nonce, a random string, and a timestamp to prevent replay attacks. cURL does not support this but is suitable with scripts. Use the example script to create the advanced API authentication token."
So, test with an std key using curl: curl -X POST https://api-your-xsoar.us.paloaltonetworks.com/api_keys/validate/ -H "x-xdr-auth-id:{api_key_id}" -H "Authorization:{api_key}" -H "Content-Type:application/json" -d '{}'
For an advanced API key:
from datetime import datetime, timezone
import secrets
import string
import hashlib
import requests
def test_advanced_authentication(api_key_id, api_key):
# Generate a 64 bytes random string
nonce = "".join([secrets.choice(string.ascii_letters + string.digits) for _ in range(64)])
# Get the current timestamp as milliseconds.
timestamp = int(datetime.now(timezone.utc).timestamp()) * 1000
# Generate the auth key:
auth_key = "%s%s%s" % (api_key, nonce, timestamp)
# Convert to bytes object
auth_key = auth_key.encode("utf-8")
# Calculate sha256:
api_key_hash = hashlib.sha256(auth_key).hexdigest()
# Generate HTTP call headers
headers = {
"x-xdr-timestamp": str(timestamp),
"x-xdr-nonce": nonce,
"x-xdr-auth-id": str(api_key_id),
"Authorization": api_key_hash
}
parameters = {}
res = requests.post(url="https://api-your-xsoar.us.paloaltonetworks.com/api_keys/validate/",
headers=headers,
json=parameters)
return res
10-07-2024 01:57 AM
@benstokes
Thanks for the response.
headers = {
"x-xdr-auth-id": str(<api_key_id>),
"Authorization": ApiKey <api_key>,
"Accept": "application/json"
}
It still fails. Maybe I missing on something else.
10-07-2024 05:12 AM
- You need to use the server API URL from the API-keys page.(https://api-{fqdn}/xsoar/public/v1/{endpoint_path})
- Mind this from the docs: 'Choose the type of API Key you want to generate based on your desired security level: Advanced or Standard. The Advanced API key hashes the key using a nonce, a random string, and a timestamp to prevent replay attacks. cURL does not support this but is suitable with scripts. Use the example script to create the advanced API authentication token."
So, test with an std key using curl: curl -X POST https://api-your-xsoar.us.paloaltonetworks.com/api_keys/validate/ -H "x-xdr-auth-id:{api_key_id}" -H "Authorization:{api_key}" -H "Content-Type:application/json" -d '{}'
For an advanced API key:
from datetime import datetime, timezone
import secrets
import string
import hashlib
import requests
def test_advanced_authentication(api_key_id, api_key):
# Generate a 64 bytes random string
nonce = "".join([secrets.choice(string.ascii_letters + string.digits) for _ in range(64)])
# Get the current timestamp as milliseconds.
timestamp = int(datetime.now(timezone.utc).timestamp()) * 1000
# Generate the auth key:
auth_key = "%s%s%s" % (api_key, nonce, timestamp)
# Convert to bytes object
auth_key = auth_key.encode("utf-8")
# Calculate sha256:
api_key_hash = hashlib.sha256(auth_key).hexdigest()
# Generate HTTP call headers
headers = {
"x-xdr-timestamp": str(timestamp),
"x-xdr-nonce": nonce,
"x-xdr-auth-id": str(api_key_id),
"Authorization": api_key_hash
}
parameters = {}
res = requests.post(url="https://api-your-xsoar.us.paloaltonetworks.com/api_keys/validate/",
headers=headers,
json=parameters)
return res
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!