https://github.com/ibmresilient/resilient-python-api/blob/main/resilient/resilient/co3base.py
and see that is does some more steps setting the headers that are probably needed.
Original Message:
Sent: Tue November 05, 2024 10:30 AM
From: A P
Subject: Attach file using REST Attachment API failing
I am just trying to make the API call to POST /rest/orgs/201/incidents/{incident_id}/attachments. I have tried both on postman, providing api key and api id and the attachment (in data form), and also in Python just making a call from a local machine to the SOAR url to add the attachment. How do you use that endpoint with an API key?
org_id = "201"
inc_id = "44445"
# Define API endpoint, credentials, and headers
base_url = "baseurl"
endpoint = f"/orgs/{org_id}/incidents/{inc_id}/attachments"
url = base_url + endpoint
headers = {
'accept': 'application/json;charset=utf-8',
'Content-Type': 'application/json;charset=utf-8',
}
key_id = ""
key_secret = ""
auth = HTTPBasicAuth(key_id, key_secret)
# Step 2: Post a new attachment
# File details
file_path = r"filepath"
file_name = "attachment.txt"
# Open the file in binary mode
with open(file_path, "rb") as file:
files = {
"file": (file_name, file),
}
data = {
"name": file_name,
}
response = requests.post(url, headers=headers, auth=auth, files=files, data=data, proxies=proxies, verify=False)
error:
Failed to upload attachment: 500
<!DOCTYPE html>
<html lang="en"><head>
<meta charset="utf-8">
<title>IBM Security QRadar SOAR</title>
<meta name="description" content="">
<meta name="author" content="">
<link rel="stylesheet" href="/css/external.css">
</head>
<body>
<div class="container ct">
<h1 class="ct logo-text">IBM <strong>Security</strong> QRadar SOAR</h1>
<div class="hero-unit ct">
<p>
Unable to authorize your access due to a security measure.
<br/>If seeing this message for the first time, please click <a target="_blank" href=/>here</a> to login again.
</p>
<p>
For additional support, please contact your system administrator.
</p>
</div>
</div>
<footer>
<p class="ct">© Copyright IBM Corporation 2024</p>
</footer>
<script type="text/javascript" src="/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=4&cb=1566535507" async></script></body></html>
The error in the client.log:
16:30:33.802 [https-jsse-nio2-443-exec-24] ERROR [] o.a.c.c.C.[Co3].[co3].[/].[default] - Servlet.service() for servlet [default] in context with path [] threw exception
com.monaco.ui.shared.core.CSRFTokenCookieException: The CSRF token cookie was missing or invalid
at com.co3.web.security.CSRFTokenUtils.loadFromCookies(CSRFTokenUtils.java:58)
at com.co3.web.filter.CSRFTokenFilter.validateCSRFToken(CSRFTokenFilter.java:88)
at com.co3.web.filter.CSRFTokenFilter.doFilter(CSRFTokenFilter.java:70)
------------------------------
A P
Original Message:
Sent: Tue November 05, 2024 10:20 AM
From: AnnMarie Norcross
Subject: Attach file using REST Attachment API failing
Hi AP
Can you provide more information? Are you trying to add an attachment in a function or are you trying to use the REST API app to make the call? Can you provide code and the error you are seeing?
------------------------------
AnnMarie Norcross
Original Message:
Sent: Tue November 05, 2024 08:09 AM
From: A P
Subject: Attach file using REST Attachment API failing
Hi,
We have been trying to attach a file to incidents using the REST API POST /rest/orgs/201/incidents/{incident_id}/attachments and an API key, however it fails.
Attaching the file using the curl command is successful: curl -k -u "id:key" -X POST -F file=@./test.txt https://{soar_url}/rest/orgs/201/incidents/{incident_id}/attachments and it also works via the GUI.
I believe we see CSRF token errors in the logs when trying the API, however we are not sure how to fix it if using the API key (not a user account).
Please can anyone share how to attach a file using the REST API with an API key?
Thanks,
------------------------------
A P
------------------------------