Pagination Issues with getting Common/Admins API Requests

I am attempting to create a script to call the Sophos API for a list of admins for auditing purposes. Specifically using this reference: https://developer.sophos.com/docs/common-v1/1/routes/admins/get

I am trying to pull this information using PowerShell with the following code (leaving out the authentication, as that's working fine):

$users = @()
$pageNum = 1

do {
    # Request one page; pageTotal=true asks the API to report the total page count
    $URL = $dataRegion + "/common/v1/admins?page=" + $pageNum + "&pageTotal=true"
    $users_resp = Invoke-RestMethod -Method Get -Headers @{Authorization="Bearer $($authResponse.access_token)"; "X-Tenant-ID"=$whoami_resp.id; "Accept"="application/json"} $URL

    # Keep only the profile fields needed for the audit list
    foreach ($user in $users_resp.items)
    {
        $users += [PSCustomObject]@{
            FirstName = $user.profile.firstName
            LastName = $user.profile.lastName
            Email = $user.profile.email
        }
    }
    $pageNum += 1
} while ($pageNum -le $users_resp.pages.total)

What is happening when I go through $users is that for every page I have, I am getting a copy of the results of page 1. So if my page size is 50 and I have 5 pages, I am getting 5 copies of the first 50 users in my list.

Here's what I've done to troubleshoot this:

  • I have verified that $pageNum is enumerating correctly and that the $URL is being updated. I've taken this out of the do while loop and gotten the same results just passing a static $pageNum.
  • I tried adding the pageSize parameter, and setting it lower and higher than the default 50. Same issue.
  • I statically set the $URL variable to be the full string rather than concatenating variables (since PowerShell doesn't play nice with concatenation). Same issue where it only pulled the first page.
  • I swapped the "/common/v1/admins" portion of the $URL string with "/endpoint/v1/endpoint-groups" since they use a similar pagination style, and it works completely fine with the endpoint groups. Reference: developer.sophos.com/.../get

This seems to be something broken on the Sophos API end, but I'm not too sure. Any help would be appreciated. Thanks.
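
Added example, not part of the original post and not Sophos code: for an audit export, a paging loop should fail loudly when a page repeats instead of silently producing duplicates and missing admins. `Get-AllPages`, `$brokenFetch` and the sample admins are hypothetical and constructed; only the `items`, `pages.total` and `profile.email` fields are taken from the script above.

```powershell
# Added example. Get-AllPages and $brokenFetch are hypothetical names.
function Get-AllPages {
    param(
        [Parameter(Mandatory)] [scriptblock] $FetchPage,  # called with the page number, returns one response
        [int] $MaxPages = 1000                            # hard stop against runaway loops
    )
    $seenPages = [System.Collections.Generic.HashSet[string]]::new()
    $seenKeys  = [System.Collections.Generic.HashSet[string]]::new()
    $all  = [System.Collections.Generic.List[object]]::new()
    $page = 1
    do {
        $resp = & $FetchPage $page
        # Fingerprint the page by the ordered e-mail addresses it contains.
        $fingerprint = ($resp.items | ForEach-Object { $_.profile.email }) -join '|'
        if (-not $seenPages.Add($fingerprint)) {
            throw "Page $page repeats an earlier page; the listing is incomplete."
        }
        # De-duplicate individual entries as well, keyed on e-mail (assumed unique per admin).
        foreach ($item in $resp.items) {
            if ($seenKeys.Add($item.profile.email)) { $all.Add($item) }
        }
        $page++
    } while ($page -le $resp.pages.total -and $page -le $MaxPages)
    return $all
}

# Constructed sample data: a backend that ignores the page number and always
# serves page 1 while reporting 2 pages, reproducing the symptom in the post.
$brokenFetch = {
    param($pageNum)
    [PSCustomObject]@{
        items = @(
            [PSCustomObject]@{ profile = [PSCustomObject]@{ firstName = 'Ada'; lastName = 'Example'; email = 'ada@example.test' } },
            [PSCustomObject]@{ profile = [PSCustomObject]@{ firstName = 'Bob'; lastName = 'Example'; email = 'bob@example.test' } }
        )
        pages = [PSCustomObject]@{ total = 2 }
    }
}

try {
    Get-AllPages -FetchPage $brokenFetch | Out-Null
}
catch {
    # The audit run stops here instead of writing a list with duplicated admins.
    Write-Warning $_.Exception.Message
}
```

In the real script the fetcher would wrap the `Invoke-RestMethod` call from the post, building `$URL` from the page number it receives.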