Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

REST API - problem with special signs in api admin password

There were some discussions in past about special signs in rest api admin password. For instance https://community.sophos.com/xg-firewall/f/discussions/124256/sophos-xg-firewall-rest-api-authentication-with-special-characters

Today I found this : 

when I used this password at XG with 18.0.4 

QQ88Yjhjk&JKH87Etw.65

I got this message : <Status code="529">Input request file is Invalid</Status>

If I used name and password for login via GUI (internet explorer), I was successful.

I found out that sign & was the reason. When I substitute it with other sign (\) I am able to use REST API with account ...



This thread was automatically locked due to age.
Parents
  • FormerMember
    0 FormerMember

    Hi ,

    '&' is used as an argument separator in URL.

    You need to use '%26amp;' in place of '&' in password while running API through the browser.

    Use QQ88Yjhjk%26amp;JKH87Etw.65 in string.

    xx.xx.xx.xx:4444/.../APIControllerQQ88Yjhjk%26amp;JKH87Etw.65</Password></Login></Request>

    For other special characters you need to use their URL encoded values. You can find the encoded values from below URL.

    www.w3schools.com/.../ref_urlencode.ASP

    For other special characters, you just need to replace a special character with its encoded value.

    eg. If the password contains # then just replace the character with %23

    Password: abc#def

    Password in API string: abc%23def

Reply
  • FormerMember
    0 FormerMember

    Hi ,

    '&' is used as an argument separator in URL.

    You need to use '%26amp;' in place of '&' in password while running API through the browser.

    Use QQ88Yjhjk%26amp;JKH87Etw.65 in string.

    xx.xx.xx.xx:4444/.../APIControllerQQ88Yjhjk%26amp;JKH87Etw.65</Password></Login></Request>

    For other special characters you need to use their URL encoded values. You can find the encoded values from below URL.

    www.w3schools.com/.../ref_urlencode.ASP

    For other special characters, you just need to replace a special character with its encoded value.

    eg. If the password contains # then just replace the character with %23

    Password: abc#def

    Password in API string: abc%23def

Children
No Data