Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 7 replies
  • Answers 4 answers
  • Subscribers 37 subscribers
  • Views 2653 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

API call via curl

njabi

Hi folks,

I had some trouble with SFOS 18.0.4 regarding IPSec-Connections with dynamic ip, see here.

To create a workaround I dived a bit deeper into the Sophos XG API to bring the connection down and up again manually but scripted.

I created the API request with following strings to cut down the connection:

https://DNSofXG:4444/webconsole/APIController?reqxml=<Request><Login><Username>apiadmin</Username>
<Password passwordform="encrypt">XXXXX</Password></Login><Set><VPNIPSecConnection><DisConnection>
<Name>NameOfIPSecConnection</Name></DisConnection></VPNIPSecConnection></Set></Request>

The request is working softly while it is triggered by my web browser (Chromium Edge) but it is not working with curl!

My plan is to trigger the XML API request via curl from a linux-machine like this:

https://DNSofXG:4444/webconsole/APIController?reqxml=<Request><Login>
<Username>apiadmin</Username><Password passwordform="encrypt">XXXXX</Password>
</Login><Set><VPNIPSecConnection><DisConnection><Name>NameOfIPSecConnection</Name>
</DisConnection></VPNIPSecConnection></Set></Request>

But the request is running into.

<?xml version="1.0" encoding="UTF-8"?>
<Response>
  <Status code="529">Input request file is Invalid</Status>
</Response>

Tried to put the IP adress instead of dns but still the same output with curl.

Help needed from you, guys!



This thread was automatically locked due to age.
  • 0

    I put this thing aside for a while and came back to try to use curl with decrypted password, or rather: the 'real' password for the user in the xml call.
    Works like charm. Would be nice if this can be fixed soon...

    https://DNSofXG:4444/webconsole/APIController?reqxml=<Request><Login><Username>apiadmin</Username>
<Password>XXXXX</Password></Login><Set><VPNIPSecConnection><DisConnection>
<Name>NameOfIPSecConnection</Name></DisConnection></VPNIPSecConnection></Set></Request>

  • FormerMember
    0 FormerMember in reply to njabi

    Hi ,

    Pleae first create .xml file.

    =================================================
    test# cat testapi.xml

    <Request><Login><Username>apiadmin</Username><Password passwordform="encrypt">XXXXX</Password></Login><Set><VPNIPSecConnection><DisConnection><Name>NameOfIPSecConnection</Name></DisConnection></VPNIPSecConnection></Set></Request>

    =================================================
    And then run the following command:

    test# curl -k DNSofXG:4444/.../APIController -F "reqxml=<testapi.xml"

    Please refer to the article below for more information on "How to resolve status code 529"

    support.sophos.com/.../KB-000039879

  • 0 in reply to FormerMember

    Hi Yash - thanks for the hint! Tried that but still the same: I can successfully do the API call via browser but not able to do this with encrypted passwordform via curl.

  • FormerMember
    0 FormerMember in reply to njabi

    Please refer to the article below to get the encrypted password.

    support.sophos.com/.../KB-000038829

    We tried to run the XML API request by following the below steps and got success response.

    =========================================================

    ==> Created .xml file using vi editor.

    test:/root # vi abcd.xml

    ==> Added the following lines

    <Request><Login><Username>apiadmin</Username><Password passwordform="encrypt">2ABCD12345EFGH6789IJKLM</Password></Login><Set><VPNIPSecConnection><DisConnection><Name>ipsec_tunnel</Name></DisConnection></VPNIPSecConnection></Set></Request>

    ==> Save the changes with the :wq command in vi.

    test:/root # cat abcd.xml
    <Request><Login><Username>apiadmin</Username><Password passwordform="encrypt">2ABCD12345EFGH6789IJKLM</Password></Login><Set><VPNIPSecConnection><DisConnection><Name>ipsec_tunnel</Name></DisConnection></VPNIPSecConnection></Set></Request>

    ==> And then run below command to call abcd.xml file.

    test:/root # curl -k xx.xx.xx.xx:4444/.../APIController -F "reqxml=<abcd.xml"
    <?xml version="1.0" encoding="UTF-8"?>
    <Response APIVersion="1800.2" IPS_CAT_VER="1">
    <Login>
    <status>Authentication Successful</status>
    </Login>
    <DisConnection transactionid="">
    <Status code="200">Configuration applied successfully.</Status>
    </DisConnection>
    </Response>
    test:/root #

    =========================================================

  • 0 in reply to FormerMember

    Hi Yash, works like charm while having a dedicated xml-file set. I like to do the curl-command as I am doing it in the browser like this:

    curl -k 'https://xxx.xxx.xxx.xxx:4444/webconsole/APIController?reqxml=<Request><Login><Username>apiadmin</Username><Password passwordform="encrypt">xxxxx</Password></Login><Set><VPNIPSecConnection><DisConnection><Name>ipsec_connection</Name></DisConnection></VPNIPSecConnection></Set></Request>'

    I am still running into the above mentioned error here. I am pretty sure that is is about a syntax error in the command...

  • 0

    Made it work either using a file:

    curl -k https://DNSofXG:4444/webconsole/APIController -F "reqxml=<xmlfilename.xml"

    or using the command directly with curl on cli

    curl -k "https://DNSofXG:4444/webconsole/APIController" -d 'reqxml=<Request><Login><Username>apiadmin</Username><Password passwordform="encrypt">myencryptedpw</Password></Login><Set><VPNIPSecConnection><DisConnection><Name>ipsec_connectionname</Name></DisConnection></VPNIPSecConnection></Set></Request>'

    Thanks to for the help

  • FormerMember
    0 FormerMember in reply to njabi

    Glad to hear that an issue has been resolved.

Unfiltered HTML