I do it using the fn-utilities CALL REST API workflow :
for example : get the ID of an artifact type
rest body is set hard to:
{
"filters": [
{
"conditions": [
{
"method": "equals",
"field_name": "type",
"value": 1
}
]
}
],
"sorts": [],
"start": 0,
"length": 10,
"recordsTotal": 0
}
The preprocess script is :
# Rest fonction we are looking at:
# get /orgs/{org_id}/artifact_types/{type_id}
# Method:
inputs.rest_method = "GET"
# URL:
# This should be adapted to your >>Resilient Domain Name<< from your integration server, and your >>ORG<<
# inputs.rest_url = u"https://{myresilientdomainname}/rest/orgs/{org_id}/artifact_types/{type_id}
inputs.rest_url = u"https://resilient.localdomain/rest/orgs/201/artifact_types/{}".format(artifact.type)
# Create Credential to access Resilient Server from Integration Server
# use a Specific API credential that is visible and create the encode version using this command in SSH: echo -n "api_key_id:api_key_secret" | base64
api_encoded_credentials = "ZjJlNGUyYTMtMTlhMS00ZTkwLWI2M2ItZmJjODA3OWY3NjllOk1ON2gxSjZUUFNyTGlra29IV2FoWVI5NTlUYV8weVhkc01ILVZZZFNraG8="
# BODY, See input
# HTTP headers can be specified as a multi-line string
inputs.rest_headers = """
Content-Type: application/json
Authorization: Basic {}
""".format(api_encoded_credentials)
# The 'rest_verify' parameter (Boolean) indicates whether to verify SSL certificates.
# This should be True unless you need to connect to a self-signed or other invalid cert.
inputs.rest_verify = False
you can see inside how I create the API code credentials:
# Create Credential to access Resilient Server from Integration Server
# use a Specific API credential that is visible and create the encode version using this command in SSH: echo -n "api_key_id:api_key_secret" | base64
api_encoded_credentials = "ZjJlNGUyYTMtMTlhMS00ZTkwLWI2M2ItZmJjODA3OWY3NjllOk1ON2gxSjZUUFNyTGlra29IV2FoWVI5NTlUYV8weVhkc01ILVZZZFNraG8="
and pass them during the call in the header:
# HTTP headers can be specified as a multi-line string
inputs.rest_headers = """
Content-Type: application/json
Authorization: Basic {}
""".format(api_encoded_credentials)
in this case for test, the result in postprocess is just:
# uncomment below for debug
# incident.addNote("Workflow Call: Resilient Rest API to get Artifact type ID \n Status Code: {} \n {}".format(results.status_code, results.json.id))
# incident.addNote("Workflow Call: Resilient Rest API to get Artifact type ID \n Status Code: {} \n {}\n {}".format(results.status_code, results.json.id, results.json.properties))
------------------------------
BENOIT ROSTAGNI
------------------------------
Original Message:
Sent: Thu February 27, 2020 07:39 AM
From: Gert Huisman
Subject: Authenticate to SessionREST with API key_id and secret
Hello,
Is there a way to authenticate against the /rest/session API endpoint with the key_id and secret?
We use the latest Resilient version 35.2.32
------------------------------
Kind Regards,
Gert Huisman
------------------------------