requesting endpoints - suddenly forbidden - key not working anymore for getting endpoints

Hello Sophos Central API Support,

 we have been using the Sophos API for some months now and we never had problems receiving a token,  tenants and endpoint data using always one key.

We have asked Sophos Support about this problem but  the answer did not help us further and we should now ask this in the Sophos Central API forum.

Now this month september 2021, we have started to collect the september data and nothing in our software has been changed.

But now we get the Error ‘Forbidden’ by trying to get the Endpoints of a tenant.

Current temporarily Solution : We created a new key (with the same rights) and used it in our software and it works again, but we have a lot of configurations with the old key who has stopped working and perhaps we can fix this so we do not have to reconfigure, which will be lot of work to do.

There are 2 suggestions from Sophos Support what we can to do find out the reason for the problem:

  1. Verify with postman: We tried to verify the error with postman and got the same error.
  2. We should use Logz.io to analyse the traffic. We created a Trial Account which we should use to analyse the traffic details.
    We are not able to find the Option to “request the full query”. We never used this tool before, so we need detailed instructions, how to use it, to get the desired information.

 

Our Question: Why did the old account stop working, while the new account, with the same rights, is working?

Kind regards

Ralph Felger

Parents Reply Children
  • Hi GlennSen,

    our software runs on demand, i will have to start it manually and i asked in the reply before :

    please tell me when we can start a new test run with our software to detect the problem with the key.

    we did not have started our test run because i have got no reply on this question

    can i start a test run anytime with our software to detect the problem with the key.?

    i will now start a test run with the problem key.

    here are the results trying to get the endpoints  for  the tenants:

    {
    "error": "forbidden",
    "correlationId": "c2de9c9b-1a1a-409f-8c9e-71c4d19bec84",
    "requestId": "9a0e7afb-30a6-4685-b4bf-7b73d93837d8",
    "createdAt": "2021-10-08T06:06:45.437Z",
    "message": "Forbidden"
    }

    {
    "error": "forbidden",
    "correlationId": "cfbb6196-d892-4c15-8dc7-dd619a14bd02",
    "requestId": "d6b02775-fa8c-43a9-b046-78175e18ffac",
    "createdAt": "2021-10-08T06:07:58.485Z",
    "message": "Forbidden"
    }

    Kind Regards

    Ralph Felger

  • Hi GlennSen,

    since we haven't heard from each other for some time:

    Have you been able to verify our testrun with the given key? Should we start a new test run with our softwareOr can we support you in other ways in solving the problem?

    Kind Regards

    Ralph Felger