Original Message:
Sent: Thu April 11, 2024 08:45 AM
From: Bo Bleckel
Subject: IBM SOAR encoded params request so that I got 400 error code using REST API functions (app)
Hi Sha -
Please simply remove the ''' around your input params variable's value. When you later set inputs.rest_api_query_parameters = json.dumps(params) you are assuming that params is a dict. You, however, are making it a string of strings. You're doing more than you need. Please try this modified code:

import json
import re

try:
    input_data = ''' "list_info": { "search_fields": { "email_id": "myemail@xxx.xx" }} '''
    input_data = json.dumps(input_data)
    params = {"input_data" : {input_data}}
    inputs.rest_api_method = 'GET'
    headers = { 'authtoken':'{{apiauthtoken}}' }
    inputs.rest_api_headers = json.dumps(headers)
    inputs.rest_api_query_parameters = json.dumps(params)
    inputs.rest_api_url = 'https://10.49.x.x:8086/api/v3/users'
    # Indicates whether to verify SSL certificates (boolean).
    inputs.rest_api_verify = False
except:
    incident.addNote('Failed the request')
You also have a lot of unclosed { and [ in your data. Please ensure that this is all properly formatted. And be sure that you match the same input data that you're using in your Python script. I think you've omitted some details, which the endpoint may require.
In general, simply use basic Python objects (lists, dicts) until you finally set the inputs.<variable_name>, at which point it is time to use json.dumps().
Please spend some time trying to clean up your code and come back to me if you have any further questions.
------------------------------
Bo Bleckel
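The difference between the two constructions discussed in this thread, as an added example that is not part of the original messages and not the app's own code. It assumes the app decodes rest_api_query_parameters as JSON and hands the result to its HTTP client as query parameters; the payload and the helper names (build_broken, build_fixed, check_query_parameters, query_string) are constructed for illustration.

```python
import json
from urllib.parse import urlencode

# Constructed sample payload (balanced braces, placeholder address).
INPUT_DATA = {"list_info": {"search_fields": {"email_id": "user@example.com"}}}


def build_broken():
    """Pattern from the question: JSON fragments kept as strings, dumped twice."""
    fragment = ''' "list_info": { "search_fields": { "email_id": "user@example.com" } '''
    input_data = json.dumps(fragment)
    params = f''' "input_data" : {input_data} '''
    return json.dumps(params)


def build_fixed():
    """Plain Python objects throughout; serialize only at the boundary."""
    # The vendor script sends input_data as one JSON-text query value,
    # so the inner payload is serialized once on its own.
    params = {"input_data": json.dumps(INPUT_DATA)}
    return json.dumps(params)


def check_query_parameters(serialized):
    """Return a list of problems found in a rest_api_query_parameters value."""
    try:
        params = json.loads(serialized)
    except ValueError as exc:
        return [f"not valid JSON: {exc}"]
    if not isinstance(params, dict):
        return [f"decodes to {type(params).__name__}, expected a JSON object"]
    problems = []
    for key, value in params.items():
        # A string value that looks like JSON must itself parse.
        if isinstance(value, str) and value.lstrip()[:1] in ("{", "["):
            try:
                json.loads(value)
            except ValueError as exc:
                problems.append(f"{key}: embedded JSON does not parse: {exc}")
    return problems


def query_string(serialized):
    """Query string an HTTP client would build from the decoded parameters."""
    return urlencode(json.loads(serialized))


if __name__ == "__main__":
    print("broken:", check_query_parameters(build_broken()))
    print("fixed: ", check_query_parameters(build_fixed()))
    print("query: ", query_string(build_fixed()))
```

Running check_query_parameters in a local Python session before pasting the value into the script catches both the string-of-strings case and unclosed braces inside the embedded payload.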
Original Message:
Sent: Thu April 11, 2024 04:55 AM
From: Sha Ben
Subject: IBM SOAR encoded params request so that I got 400 error code using REST API functions (app)
Thank you for your reply Maria,
It seems that the params got encoded automatically; that's what makes the error code 400 show up.
From the first Python code I provided it works perfectly fine with 200 response but when I use the REST API functions app it seems that it's not interpreting the JSON params correctly.
------------------------------
Sha Ben
Cybersecurity engineer
Original Message:
Sent: Thu April 11, 2024 01:29 AM
From: Maria Czapkowska
Subject: IBM SOAR encoded params request so that I got 400 error code using REST API functions (app)
Error 400 means bad request (read more about it here). I suggest you download the REST API app logs and check what it's sending. It could be a missed comma that's messing it up.
This may be an issue only I'm experiencing, but if you get an error when trying to download app logs, don't put in a start date; then it works.
------------------------------
Maria Czapkowska
Original Message:
Sent: Wed April 10, 2024 03:49 AM
From: Sha Ben
Subject: IBM SOAR encoded params request so that I got 400 error code using REST API functions (app)
Hello,
I'm trying to integrate IBM QRadar SOAR with a third-party solution using the REST API functions app. The Python code provided by the third-party solution is this:
# Python version - 3.8
# This script requires requests module installed in python.
import requests

url = "https://10.49..x.x:8086/api/v3/users"
headers = {"authtoken": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"}
input_data = '''{ "list_info": { "search_fields": { "email_id": "myemail@xxxx.xx" } }, "fields_required": [ "name", "id"}'''
params = {'input_data': input_data}
response = requests.get(url, headers=headers, params=params, verify=False)
print(response.text)
Trying to adapt it in IBM SOAR, I wrote this code:

import json
import re

try:
    input_data = ''' "list_info": { "search_fields": { "email_id": "myemail@xxx.xx" } '''
    input_data = json.dumps(input_data)
    params = f''' "input_data" : {input_data} '''
    inputs.rest_api_method = 'GET'
    headers = { 'authtoken':'{{apiauthtoken}}' }
    inputs.rest_api_headers = json.dumps(headers)
    inputs.rest_api_query_parameters = json.dumps(params)
    inputs.rest_api_url = 'https://10.49.x.x:8086/api/v3/users'
    # Indicates whether to verify SSL certificates (boolean).
    inputs.rest_api_verify = False
except:
    incident.addNote('Failed the request')
I'm confused because every time I get a 400 error code like this:
"'400 Client Error: for url: https://10.49x.x:8086/api/v3/users?%20%22input_data%22%20:%20%22%20%5C%22list_info%5C%22:%20%7B%..........
I appreciate any help regarding this matter.
Thank you,
------------------------------
Sha Ben
Cybersecurity engineer
------------------------------