How to retrieve the Core Agent version from a device via API?

You can use the endpoints api call:

https://developer.sophos.com/docs/endpoint-v1/1/routes/endpoints/%7BendpointId%7D/get

There is an 'assignedProducts' array that is returned. This has the version of the products assigned to that endpoint. 

Thank you for this information.

I've run into a bit of trouble in getting to the point where I can call the endpoints API.

I start out by calling the Authenticate endpoint to get my access token. I then use this access token to call the whoami endpoint- this returns an organization id and calls out my access as being an "organization", following along in the documentation at https://developer.sophos.com/getting-started-organization I then call the enumerate tenants endpoint (using the organization id I just retrieved from the whoami) so I can get a list of tenants and their associated data regions so I can use the data region to in the endpoints API call.

My trouble is that the return from the enumerate tenants API call is "Forbidden" and "Access Denied".

Thoughts on where I may be going wrong in my approach?

Thanks,

Brian

Are you passing the access token? Is that api creds created at the Enterprise Dashboard level or in one of the estates?

I am passing in the access token. The same token I use in whoami just to verify it is valid.

The API creds I am using were created at the enterprise dashboard level.

can you paste in the call you are making. Please ### out your tokens and id. I just want to confirm the format.

Hi RichardP-

I'm using postman for these API requests.

I first call the Authenticate API to get my access token.

Next step I call whoami to verify the access token and get the org id.

Then I use the same access token and organization id to try to pull the list of tenants

Thanks,

Brian

The url should be https://api.central.sophos.com/partner/v1/tenants?pageTotal=true

Try that and advise what happens.

Adding the ?pageTotal=true gives me:

Should I be using the partner API?

Adding the ?pageTotal=true gives me:

Should I be using the partner API?

I depends on how the accounts are created If they were created/linked to the partner dashboard - then go through there. If they are linked through an Enterprise Dashboard - and can be managed there (ie., you can click on them and launch the specific Central Dashboard there) then you do the Enterprise Dash path. Basically, the API token needs to be in the up stream permissions set to access the children. 

I just tested all the steps in the Enterprise Dashboard process and they all worked properly. I used curl to make sure Postman wasn't adding anything strange. 

Here is the request I used to do that action:

curl -XGET -H "Authorization: Bearer eyJ0e****SbxH-16u1-GU" \
-H "X-Organization-ID: 93***cb" \
api.central.sophos.com/.../tenants

argh, the forum made it a hyperlink - hover over it to see the complete URL you need to use.

Here is what I get when I follow the steps using curl

PS C:\Users\brian> curl.exe -XPOST -H "Content-Type:application/x-www-form-urlencoded" -d "grant_type=client_credentials&client_id=d****5&client_secret=3****4&scope=token" id.sophos.com/.../token
{"access_token": "e****E", "errorCode": "success", "expires_in": 3600, "message": "OK", "refresh_token": "e****3", "token_type": "bearer", "trackingId": "d7006bf5-55c4-4a95-82fe-edac1c1433a8"}

PS C:\Users\brian> curl.exe -XGET -H "Authorization: Bearer e****E" api.central.sophos.com/.../v1
{"id":"a****6","idType":"organization","apiHosts":{"global":"">api.central.sophos.com"}}

PS C:\Users\brian> curl.exe -XGET -H "Authorization: Bearer e****E" -H "X-Organization-ID: a****6" api.central.sophos.com/.../tenants
{
"error": "Forbidden",
"correlationId": "962c24eb-0c16-464b-96de-49c380e9231d",
"requestId": "362a5608-1657-40cc-9d17-c747b3ad1f2d",
"createdAt": "2022-03-25T18:51:33.266Z",
"message": "Access Denied"
}

PS C:\Users\brian> curl.exe -XPOST -H "Content-Type:application/x-www-form-urlencoded" -d "grant_type=client_credentials&client_id=d****5&client_secret=3****4&scope=token" https://id.sophos.com/api/v2/oauth2/token
{"access_token": "e****E", "errorCode": "success", "expires_in": 3600, "message": "OK", "refresh_token": "e****3", "token_type": "bearer", "trackingId": "d7006bf5-55c4-4a95-82fe-edac1c1433a8"}


PS C:\Users\brian> curl.exe -XGET -H "Authorization: Bearer e****E" https://api.central.sophos.com/whoami/v1
{"id":"a****6","idType":"organization","apiHosts":{"global":"https://api.central.sophos.com"}}


PS C:\Users\brian> curl.exe -XGET -H "Authorization: Bearer e****E" -H "X-Organization-ID: a****6" https://api.central.sophos.com/organization/v1/tenants?pageTotal=true
{
"error": "Forbidden",
"correlationId": "962c24eb-0c16-464b-96de-49c380e9231d",
"requestId": "362a5608-1657-40cc-9d17-c747b3ad1f2d",
"createdAt": "2022-03-25T18:51:33.266Z",
"message": "Access Denied"
}

ok, that looks like the creds you are using don't have access to that level of the data structure. What role did you give it?

Right now I am using read only creds.
What level of credentials do I need to pull the tenants list?

To translate down to query that level you need Admin rights because it exposes information for multiple estates.