REST API - problem with special signs in api admin password

There were some discussions in the past about special signs in the REST API admin password. For instance https://community.sophos.com/xg-firewall/f/discussions/124256/sophos-xg-firewall-rest-api-authentication-with-special-characters

Today I found this:

When I used this password on XG with 18.0.4

QQ88Yjhjk&JKH87Etw.65

I got this message: <Status code="529">Input request file is Invalid</Status>

If I used name and password for login via GUI (internet explorer), I was successful.

I found out that the & sign was the reason. When I substitute it with another sign (\), I am able to use the REST API with the account ...

  • FormerMember

    Hi ,

    Thank you for reaching out to Sophos Community.

    I'll check this internally and will update the thread.

  • Hello,

    You can use the encrypted password in your API call:

    Get encrypted password on CLI:

    opcode GetEncripted_PasswordFor_API -t json -b '{"password":"_*whateverpasswordisbeingused*_"}' -ds nosync

    Use it in API call:

    <Request> <Login> <Username>Username</Username> <Password passwordform='encrypt'>Encrypted_Password</Password> </Login> </Request>

    If a post solves your question please use the 'Verify Answer' button.

  • FormerMember

    Hi ,

    '&' is used as an argument separator in a URL.

    You need to use '%26amp;' in place of '&' in the password while running the API through the browser.

    Use QQ88Yjhjk%26amp;JKH87Etw.65 in string.

    xx.xx.xx.xx:4444/.../APIControllerQQ88Yjhjk%26amp;JKH87Etw.65</Password></Login></Request>

    For other special characters, you need to use their URL-encoded values. You can find the encoded values at the URL below.

    www.w3schools.com/.../ref_urlencode.ASP

    For other special characters, you just need to replace a special character with its encoded value.

    E.g., if the password contains #, then just replace the character with %23

    Password: abc#def

    Password in API string: abc%23def
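
Added example (not part of the thread and not Sophos code): the two encoding layers discussed above, applied in order, using the password and the Login element layout quoted in the thread. The function names are hypothetical, and the receiver is modelled with Python's standard library as an assumption about how the request is decoded (URL-decode first, then XML parse).

```python
from urllib.parse import quote, unquote
from xml.sax.saxutils import escape
import xml.etree.ElementTree as ET


def build_login_xml(username, password):
    # Layer 1: XML-escape the values so '&', '<' and '>' inside a
    # credential cannot make the request document ill-formed.
    return (
        "<Request><Login>"
        f"<Username>{escape(username)}</Username>"
        f"<Password>{escape(password)}</Password>"
        "</Login></Request>"
    )


def encode_for_query(xml_text):
    # Layer 2: percent-encode the whole document so '&', '#', '%' etc.
    # are not read as URL syntax when it travels in a query string.
    return quote(xml_text, safe="")


def receiver_view(encoded_value):
    # Assumed receiver behaviour: undo layer 2, then parse layer 1.
    root = ET.fromstring(unquote(encoded_value))
    return root.findtext("Login/Password")


def parses_unescaped(password):
    # The failing case from the first post: a raw '&' placed in the XML.
    raw = f"<Request><Login><Password>{password}</Password></Login></Request>"
    try:
        ET.fromstring(raw)
        return True
    except ET.ParseError:
        return False


if __name__ == "__main__":
    pw = "QQ88Yjhjk&JKH87Etw.65"  # password quoted in the thread
    encoded = encode_for_query(build_login_xml("Username", pw))
    print(encoded)
    print("round trip ok:", receiver_view(encoded) == pw)
    print("raw '&' parses:", parses_unescaped(pw))
```

A value placed in a URL is commonly recorded in browser history and proxy logs, so treat any password sent this way as exposed to those stores.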