IBM Security QRadar SOAR

 View Only
Expand all | Collapse all

Passing API key in rest_header is for utilites:Call REST API

  • 1.  Passing API key in rest_header is for utilites:Call REST API

    Posted Fri June 10, 2022 10:02 AM
    Hi,

    I am trying making API calls using utilites:Call REST API to GITHUB. But when I am making get request for authenticated user using rest_headers to pass API token I am getting error 400 as Bad Request. 
    syntext I am using is as :
    inputs.rest_headers = """
    "Authorization": "token"+ git_token
    "Accept: application/vnd.github.v3+json"
    """

    Error I am getting

    Traceback (most recent call last): File "/opt/app-root/lib/python3.6/site-packages/resilient_lib/components/requests_common.py", line 163, in execute response.raise_for_status() File "/opt/app-root/lib/python3.6/site-packages/requests/models.py", line 960, in raise_for_status raise HTTPError(http_error_msg, response=self) requests.exceptions.HTTPError: 400 Client Error: Bad Request for url: https://api.github.com/user/repos During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/opt/app-root/lib/python3.6/site-packages/fn_utilities/components/utilities_call_rest_api.py", line 58, in _call_rest_api_function headers_dict, cookies_dict, rest_body, rest_verify, rest_timeout) File "/opt/app-root/lib/python3.6/site-packages/fn_utilities/components/utilities_call_rest_api.py", line 116, in make_rest_call timeout=rest_timeout) File "/opt/app-root/lib/python3.6/site-packages/resilient_lib/components/requests_common.py", line 171, in execute raise IntegrationError(msg) resilient_lib.components.integration_errors.IntegrationError: '400 Client Error: Bad Request for url: https://api.github.com/user/repos'




    ------------------------------
    Neeraj Kurmanchali
    ------------------------------


  • 2.  RE: Passing API key in rest_header is for utilites:Call REST API

    Posted Mon June 13, 2022 08:47 AM
    Hi

    Authorization value is "Basic <BASE64>" where <BASE64> is base64(<USERNAME>:<PASSWORD>)

    For example, let's say your API KEY username is XYZXYZXYZ and password is ABCABCABC

    Then you have to get the Base64 encoding for XYZXYZXYZ:ABCABCABC

    For example, use this site

    https://www.base64encode.org/ and you'll see it will be WFlaWFlaWFlaOkFCQ0FCQ0FCQw==

    Then your Authorization header value will be

    Basic WFlaWFlaWFlaOkFCQ0FCQ0FCQw==


    ------------------------------
    []

    Leonardo Kenji Shikida
    ------------------------------



  • 3.  RE: Passing API key in rest_header is for utilites:Call REST API

    Posted Tue June 14, 2022 04:38 AM
    Thanks Leonardo,
     Still getting same error.

    I tried with following header

    inputs.rest_headers = """{
    "Authorization":"Basic <BASE64 API Key>"
    "Accept: application/vnd.github.v3+json"
    }
    """

    ------------------------------
    Neeraj Kurmanchali
    ------------------------------



  • 4.  RE: Passing API key in rest_header is for utilites:Call REST API

    Posted Tue June 14, 2022 08:48 AM

    Try 'Content-Type: application/json'

    I think it should be something like this

    inputs.rest_headers = """
    'Content-Type: application/json'\n'Authorization: Basic WFlaWFlaWFlaOkFCQ0FCQ0FCQw=='
    """

    For example


    ------------------------------
    []

    Leonardo Kenji Shikida
    ------------------------------



  • 5.  RE: Passing API key in rest_header is for utilites:Call REST API

    Posted Wed June 15, 2022 03:59 AM
    Hi Leonardo 

    Thanks for you replies.

    I tried in the above syntax but it says unauthorized to access , while I can make the REST call with same credentials in Pycharm.
    Error Message: 

    IntegrationError(msg) resilient_lib.components.integration_errors.IntegrationError: '401 Client Error: Unauthorized for url: https://api.github.com/user/repos'

    I will now test it with some different API endpoints and will update the case.


    ------------------------------
    Neeraj Kurmanchali
    ------------------------------



  • 6.  RE: Passing API key in rest_header is for utilites:Call REST API

    Posted Wed June 15, 2022 06:37 AM
    Edited by Neeraj Kurmanchali Wed June 15, 2022 06:40 AM
    Hi Leo,

    Thanks its working now. Tries with same Syntax and regenerated the API key.


  • 7.  RE: Passing API key in rest_header is for utilites:Call REST API

    Posted Wed June 15, 2022 08:13 AM
    I am glad to hear that. Thank you for letting us know!

    ------------------------------
    []

    Leonardo Kenji Shikida
    ------------------------------



  • 8.  RE: Passing API key in rest_header is for utilites:Call REST API

    Posted Tue June 21, 2022 07:50 AM
    Hi Leonardo ,

    Now I tried with another API endpoint but error od unauthrized access is coming. Can you advise anything here ?

    Expected request format is as follows:

    curl 'https://api.threatstream.com/api/v2/intelligence/?itype=bot_ip' -H 'Authorization: 'Authorization: apikey <username>:<api_key>

    I tried to convert <username>:<api_key> in base54 and then use it but it throws same error. 

    inputs.rest_headers = """
    Authorization: Basic ' <username>:<api_key>
    """
    Also tried with 

    inputs.rest_headers = """
    Authorization: Basic  <username>:<api_key>
    """

    ------------------------------
    Neeraj Kurmanchali
    ------------------------------



  • 9.  RE: Passing API key in rest_header is for utilites:Call REST API

    Posted Tue June 21, 2022 11:20 AM
    Hi

    Your question seems to be out of the scope of IBM SOAR.

    Leo

    ------------------------------
    []

    Leonardo Kenji Shikida
    ------------------------------



  • 10.  RE: Passing API key in rest_header is for utilites:Call REST API

    Posted Wed June 22, 2022 01:34 AM
    Okay Leonardo 

    Thanks for your response !

    ------------------------------
    Neeraj Kurmanchali
    ------------------------------