API = Application Programming Interface
*Note: *Sophos Central useses Java Script Object Notation (JSON) as a content type for all of our public facing APIS
As a possible solution to your business needs, we do offer two integrations with primary vendors in the Professional Services and Automation space where this data can be synced directly from Sophos Central Partner Admin.See Autotask and ConnectWise PSA integration documentation for more details.
I copied your cURL script for authentication directly from your Getting Started Guide in the developer.sophos.com portal but am receiving the following errors:
Our script contains back slashes “/” to make the command easier to read. These extraneous characters as well as, all returns and line breaks must be removed in order for the script to execute successfully.
The cURL sample provided in our Developer portal was a general example written for a standard curl.exe application and the syntax may differ depending on how and where it is executed. Specifically, different versions of Powershell handle cURL differently. In terms of the specific error referenced above, it looks as though cURL is just an alias for the Invoke-WebRequest Powershell command. According to Powershell documentation, it doesn’t like a string being passed for the Headers value, but rather requests an iDictionary or hash value to be defined in it’s place.
Below is a command written specifically for Powershell:Invoke-WebRequest -Method POST -Uri id.sophos.com/.../token -ContentType "application/x-www-form-urlencoded" -Body"grant_type=client_credentials&client_id=XXXXXXXX6&client_secret=XXXXXXXX&scope=token"
The original SIEM API was a large unstructured data dump of only Alerts and Events (community.sophos.com/.../125398)
The New Sophos Central APIs (https://developer.sophos.com/)
Yes, at current the original Alert and Event APIs are still available. At some point in the future we will publish a new API following our current standards and this API will become deprecated.