- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
on 12-10-2015 09:10 PM
The following are step-by-step instructions on how to access the Cisco PSIRT openVuln API.
Step 1: Access the Cisco API console at: https://apiconsole.cisco.com
Step 2: Login with your CCO credentials (login is only available to registered Cisco customers and partners).
Step 3: Register your application and obtain your client credentials.
Step 4: Once you register your application and obtain your client ID and client secret, the next step is to obtain an authorization token. Authorization tokens in the Cisco PSIRT openVuln API are valid for one (1) hour. The following example demonstrates how to get the token using the curl utility.
curl -s -k -H "Content-Type: application/x-www-form-urlencoded" -X POST -d "client_id=<client_id>" -d "client_secret=<client_secret>" -d "grant_type=client_credentials" https://cloudsso.cisco.com/as/token.oauth2
For example:
omar@omar:~$ curl -s -k -H "Content-Type: application/x-www-form-urlencoded" -X POST -d "client_id=XXXXXXXX" -d "client_secret=YYYYYYYY" -d "grant_type=client_credentials" https://cloudsso.cisco.com/as/token.oauth2
{"access_token":"ytuopLCGZxBFN5O0hnL1M2QX2QVp","token_type":"Bearer","expires_in":3599}
Step 5: Make API calls to https://api.cisco.com/security/... The following example uses the curl command to retrieve CVRF files for all Cisco Security Advisories.
curl -X GET -s -k -H "Accept: application/json" -H "Authorization: Bearer uayEoKBrv0nfjrUavwix1ye8ZoNO" https://api.cisco.com/security/advisories/cvrf/all
The following example demonstrates how to obtain the latest 10 advisories:
curl -X GET -s -k -H "Accept: application/json" -H "Authorization: Bearer uayEoKB
rv0nfjrUavwix1ye8ZoNO" https://api.cisco.com/security/advisories/cvrf/latest/10
For more information about the available RESTful resource URIs and the Cisco PSIRT openVuln API visit: Cisco DevNet: PSIRT
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
The KEY means client_id, CLIENT SECRET means client_secret, right ?
But I got 401 response
{ "error_description": "Invalid client or client credentials.", "error": "invalid_client" }
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
I created a another new application and it works with the new id and secret.
In the second creation, I just choose only one Grant Type : "Client Credentials"