Bulk Isolation API call

I've searched everywhere, but have not found the answer to exactly how to structure the data array for the API for isolation of multiple systems.

When I use the structure documented on the developer site, I can't get anything other than "error": "UnsupportedMediaType", Here is my latest error report:

{
"error": "UnsupportedMediaType",
"correlationId": "a389e2ce-5848-4830-a688-c33a4c868224",
"requestId": "21fc7364-7692-478f-9378-2b705eca5435"
}

The data section I'm using is like this:

--data '{"enabled":true,"ids":["<sophos_id>","<sophos_id>","<sophos_id>"]}'

where "<sophos_id>" can be replaced with the unique endpoint id strings I already retrieved from an endpoints api call. The request section looks like this:

--request POST "">api-<region>.central.sophos.com/.../isolation"

I've also tried using PATCH with the same result. The error I'm getting indicates that the --data request is incorrectly formatted, but no matter what adjustments I make to the array, I get the same error.

What am I missing?

  • The good news is that I have been able to successfully isolate multiple devices using Postman with a "raw" body format. Postman uses the --data-raw payload designator which works. However, taking the code from Postman and submitting it directly with curl fails but now it returns "Bad Request" rather than UnsupporterMediaType.

  • It appears the API call for "lastSeenBefore=" cannot retrieve any items prior to the beginning of the year. "lastSeenBefore=2020-12-31" returns no errors but also no items. An API call using "lastSeenBefore=-P90D" successfully retrieves items but none with last activity prior to 1/1/21