Prisma Cloud API returning 401 Unauthorized

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Prisma Cloud API returning 401 Unauthorized

L0 Member

I am trying to retrieve some scans and am receiving a 401 error.  The access key has the System Admin role.  Suggestions?  Thank you.  

 

API="https://us-east1.cloud.twistlock.com/us-2-XXXXXXXXX"

# Get Token
JWT="$(curl -s ${API}/api/v22.06/authenticate -X POST -H 'Content-Type: application/json' \

           -d '{"username":"MyAccessKeyID","password":"MySecretKey"}' | jq '.["token"]' | tr -d '"' )"

# Create header with token
HEADER="Authorization: Bearer ${JWT}"

RESPONSE="$(curl -i ${API}/api/v22.06/scans -i -H '${HEADER}' -H 'content-type: application/json; charset=UTF-8' )"
echo $RESPONSE

 

4 REPLIES 4

L1 Bithead

Hello, 

Although the HTTP standard specifies "unauthorized", the response can also potentially mean "unauthenticated" which means the client needs to authenticate itself to get the requested response. Can you please make sure you are authenticated before you call the API?

Kishwar Firdaus | Customer Success Engineer - PrismaCloud

I am passing in a token in one of my headers. "-H '${HEADER}'"  I believe this is all I need for authentication.  Am I incorrect in assuming this?

Hello,

Thanks for reaching out. Can you please try to regenerate your token and retry API call? Please let me know if you receive the same error. 

 

 

Kishwar Firdaus | Customer Success Engineer - PrismaCloud

L3 Networker

Although you are getting a 401, maybe this might help someone else,  check your connectivity with the ping api...

curl -k \
-s \
-o /dev/null \
-w "%{http_code}\n" \
-X GET \
https://<CONSOLE>:8083/api/v1/_ping

 

once you get a 200 then signon...

######### Prisma Cloud SignOn ################
curl --request POST \
--url https://api.prismacloud.io/login \
--header 'accept: application/json; charset=UTF-8' \
--header 'content-type: application/json; charset=UTF-8' \
--data "{\"username\":\"${PRISMA_KEY_ID}\",\"password\":\"${PRISMA_SECRET}\",\"customerName\":\"Citrusoft\"}"

 

############ Prisma Cloud Compute SignOn #################
curl -k \
-H "Content-Type: application/json" \
-X POST \
-d \
"{
\"username\":\"${PRISMA_KEY_ID}\",
\"password\":\"${PRISMA_SECRET}\"
}" \
${PRISMA_CONSOLE}/api/v1/authenticate

 

The response contains a token; you can assign token's value to an environment variable.

export token='whatever'

 

Then invoke an API...

############ List Prisma Compliance Policies #################
curl -k \
-H 'Content-Type: application/json' \
-H "Authorization: Bearer $token" \
-X GET \
${PRISMA_CONSOLE}/api/v1/policies/compliance/container

 

######## List Prisma Cloud Compute Registries to be Scanned ##########

curl -k \
-u "${PRISMA_KEY_ID}:${PGE_PRISMA_SECRET}" \
-H 'Content-Type: application/json' \
-X GET \
"${PRISMA_CLOUD_COMPUTE_CONSOLE_API_ADDR}/api/v22.06/registry/names"

 

notice that i did not use the token in that last command.

 

hope that helps.

good luck!

Tommy Hunt AWS-CSA, Java-CEA, PMP, SAFe Program Consultant
thunt@citrusoft.org
https://www.citrusoft.org
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!