cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

ESM API 10.2 User Privileges

Jump to solution

Hi,

I followed the guide to use the API v2 (https://kc.mcafee.com/corporate/index?page=content&id=KB90289&actp=null&viewlocale=en_US&showDraft=f...) and I am able to login. However, once I call a function I get this error;

"code" : "70",
"message" : "Not Authorized User",
"errors" : [ ]

Which user has access to do API calls and can specific users be set to use the API.

Thank You.

0 Kudos
1 Solution

Accepted Solutions

Re: ESM API 10.2 User Privileges

Jump to solution

Okay..I got it working in python.. Here is the code for anyone interested:

user = "username in base64"
passwd = "password in base64"
base_url = 'https://ip-address/rs/esm/v2/'

params = {"username": user,"password": passwd,"locale": "en_US"}
headers = {'Content-Type': 'application/json'}

"""""""""""""""""""""""""""""""""""""""""""""""""
Log into the ESM
"""""""""""""""""""""""""""""""""""""""""""""""""
method = 'login'
url = base_url+method
data = json.dumps(params)
resp = requests.post(url, data=data,headers=headers, verify=False)

"""""""""""""""""""""""""""""""""""""""""""""""""
Get Cookie and Xref Token
"""""""""""""""""""""""""""""""""""""""""""""""""
headers['Cookie'] = resp.headers.get('Set-Cookie')
headers['X-Xsrf-Token'] = resp.headers.get('Xsrf-Token')

"""""""""""""""""""""""""""""""""""""""""""""""""
Make API calls by changing method
"""""""""""""""""""""""""""""""""""""""""""""""""
method = 'essmgtGetESSTime'
url = base_url+method
resp = requests.post(url, headers=headers,verify=False)
print (resp.text)

 

3 Replies
fisheatdog
Level 7

Re: ESM API 10.2 User Privileges

Jump to solution

Once you login with your basic-encoded Authorization credentials, ESM API 10.x will return a xsrf-token in the headers. Copy this value and add the token as "X-Xsrf-Token" in your future request headers. Now you should authenticate your session correctly.

So:

  1. POST /rs/esm/login (w/ your json encoded credentials)
  2. retrieve xsrf-token
  3. execute any command, ie GET /rs/esm/qryGetFilterFields
    1. with X-Xsrf-Token = {{your-token}}

 

0 Kudos

Re: ESM API 10.2 User Privileges

Jump to solution

I have done that.. This is the command..

curl --cookie 'JTWToken Path=/; Secure; HttpOnly'' -H 'Xsrf-Token: CSRFToken '  -H 'Content-Type: application/json' -X POST https://ip-addrress/rs/esm/v2/essmgtGetESSTime 

and this is the response:

"code" : "70",
"message" : "Not Authorized User",
"errors" : [ ]

0 Kudos

Re: ESM API 10.2 User Privileges

Jump to solution

Okay..I got it working in python.. Here is the code for anyone interested:

user = "username in base64"
passwd = "password in base64"
base_url = 'https://ip-address/rs/esm/v2/'

params = {"username": user,"password": passwd,"locale": "en_US"}
headers = {'Content-Type': 'application/json'}

"""""""""""""""""""""""""""""""""""""""""""""""""
Log into the ESM
"""""""""""""""""""""""""""""""""""""""""""""""""
method = 'login'
url = base_url+method
data = json.dumps(params)
resp = requests.post(url, data=data,headers=headers, verify=False)

"""""""""""""""""""""""""""""""""""""""""""""""""
Get Cookie and Xref Token
"""""""""""""""""""""""""""""""""""""""""""""""""
headers['Cookie'] = resp.headers.get('Set-Cookie')
headers['X-Xsrf-Token'] = resp.headers.get('Xsrf-Token')

"""""""""""""""""""""""""""""""""""""""""""""""""
Make API calls by changing method
"""""""""""""""""""""""""""""""""""""""""""""""""
method = 'essmgtGetESSTime'
url = base_url+method
resp = requests.post(url, headers=headers,verify=False)
print (resp.text)