Using XSOAR API Stoplight

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Using XSOAR API Stoplight

L2 Linker

Anyone tried with Stoplight XSOAR 8 API.

I am trying the APIs listed https://cortex-panw.stoplight.io/docs/cortex-xsoar-8/kjn2q21a7yrbm-get-started-with-cortex-xsoar-8-a... 

However, I am getting 401 Unauthorized on every call. 

I have tried generating new API keys with Instance Admin role as well but no luck.

Tried with python, terminal and Postman, still the same.

 

Cortex XSOAR

2 accepted solutions

Accepted Solutions

L1 Bithead

- You need to use the server API URL from the API-keys page.(https://api-{fqdn}/xsoar/public/v1/{endpoint_path})
- Mind this from the docs: '
Choose the type of API Key you want to generate based on your desired security level: Advanced or Standard. The Advanced API key hashes the key using a nonce, a random string, and a timestamp to prevent replay attacks. cURL does not support this but is suitable with scripts. Use the example script to create the advanced API authentication token."

So, test with an std key using curl: curl -X POST https://api-your-xsoar.us.paloaltonetworks.com/api_keys/validate/ -H "x-xdr-auth-id:{api_key_id}" -H "Authorization:{api_key}" -H "Content-Type:application/json" -d '{}'
For an advanced API key:

from datetime import datetime, timezone
import secrets
import string
import hashlib
import requests

def test_advanced_authentication(api_key_id, api_key):
    # Generate a 64 bytes random string
    nonce = "".join([secrets.choice(string.ascii_letters + string.digits) for _ in range(64)])
    # Get the current timestamp as milliseconds.
    timestamp = int(datetime.now(timezone.utc).timestamp()) * 1000
    # Generate the auth key:
    auth_key = "%s%s%s" % (api_key, nonce, timestamp)
    # Convert to bytes object
    auth_key = auth_key.encode("utf-8")
    # Calculate sha256:
    api_key_hash = hashlib.sha256(auth_key).hexdigest()
    # Generate HTTP call headers
    headers = {
        "x-xdr-timestamp": str(timestamp),
        "x-xdr-nonce": nonce,
        "x-xdr-auth-id": str(api_key_id),
        "Authorization": api_key_hash
    }
    parameters = {}
    res = requests.post(url="https://api-your-xsoar.us.paloaltonetworks.com/api_keys/validate/",
                        headers=headers,
                        json=parameters)
    return res

 

View solution in original post

L2 Linker
3 REPLIES 3

L2 Linker

@benstokes 
Thanks for the response. 

headers = {
"x-xdr-auth-id": str(<api_key_id>),
"Authorization": ApiKey <api_key>,
"Accept": "application/json"
}

It still fails. Maybe I missing on something else.

L1 Bithead

- You need to use the server API URL from the API-keys page.(https://api-{fqdn}/xsoar/public/v1/{endpoint_path})
- Mind this from the docs: '
Choose the type of API Key you want to generate based on your desired security level: Advanced or Standard. The Advanced API key hashes the key using a nonce, a random string, and a timestamp to prevent replay attacks. cURL does not support this but is suitable with scripts. Use the example script to create the advanced API authentication token."

So, test with an std key using curl: curl -X POST https://api-your-xsoar.us.paloaltonetworks.com/api_keys/validate/ -H "x-xdr-auth-id:{api_key_id}" -H "Authorization:{api_key}" -H "Content-Type:application/json" -d '{}'
For an advanced API key:

from datetime import datetime, timezone
import secrets
import string
import hashlib
import requests

def test_advanced_authentication(api_key_id, api_key):
    # Generate a 64 bytes random string
    nonce = "".join([secrets.choice(string.ascii_letters + string.digits) for _ in range(64)])
    # Get the current timestamp as milliseconds.
    timestamp = int(datetime.now(timezone.utc).timestamp()) * 1000
    # Generate the auth key:
    auth_key = "%s%s%s" % (api_key, nonce, timestamp)
    # Convert to bytes object
    auth_key = auth_key.encode("utf-8")
    # Calculate sha256:
    api_key_hash = hashlib.sha256(auth_key).hexdigest()
    # Generate HTTP call headers
    headers = {
        "x-xdr-timestamp": str(timestamp),
        "x-xdr-nonce": nonce,
        "x-xdr-auth-id": str(api_key_id),
        "Authorization": api_key_hash
    }
    parameters = {}
    res = requests.post(url="https://api-your-xsoar.us.paloaltonetworks.com/api_keys/validate/",
                        headers=headers,
                        json=parameters)
    return res

 

L2 Linker

@ctopay This works. Thanks

  • 2 accepted solutions
  • 666 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!