cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Choose one of the topics below for SD-WAN Resources to help you on your journey with SD-WAN

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC!
We will not comment or assist with your TAC case in these forums.

295
Views
0
Helpful
8
Replies
Beginner

vManage API - GET works, POST fails

Hello,

 

With 19.2 I'm having trouble with the API calls, in my python scripts and POSTMAN.

For a GET with BasicAuth I get the expected results. For example with 

"viptela.net:443/dataservice/device/action/software/vedge/version?api_key=version" I get the expected output as generated with the apidocs
 
For a PUT, for example 
"viptela.net:443/dataservice/alarms"
I get the below. Any ideas?
My requests work on the sandbox and apidocs... However Its supper sluggish and I'm unable to login to the gui to verify version etc.
I also included the body of the POST below.
 
<html>

<head>
	<title>Error</title>
</head>

<body>SessionTokenFilter: Token provided via HTTP Header does not match the token generated by the server.</body>

</html>
{

  "query": {

    "condition": "AND",

    "rules": [

      {

        "value": [

          "3"

        ],

        "field": "entry_time",

        "type": "date",

        "operator": "last_n_hours"

      },

                  {"value": ["major"], "field": "severity_level", "type": "string", "operator": "in"},

                  {"value": ["App-Route"], "field": "component", "type": "string", "operator": "in"},

                  {"value": ["100.90.3.4"], "field": "system_ip", "type": "string", "operator": "in"},

                  {"value": ["sla-change","sla-violation","sla-violation-pkt-drop"],"field": "eventname","type": "string","operator": "in"}

    ]

  },

  "size": 10000

}
 
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: vManage API - GET works, POST fails

Hi, 

 

With 19.2 vManage version, API authentication is enhanced to include token in the POST/PUT/DELETE request Headers.

 

 

Once login(/j_security_check) is successful run GET request to retrieve token and add it to session headers of subsequent POST/PUT/DELETE requests. 

Method: GET

Request URL: https://vmanage-ip:vmanage-port/dataservice/client/token

Store the response XSRF-TOKEN in session headers using “sess.headers['X-XSRF-TOKEN'] = login_token.content”

 

Sample python code:

 

def login(self):
        
        base_url = 'https://%s:%s/'%(self.vmanage_host,self.vmanage_port)
        login_action = '/j_security_check'

        #Format data for loginForm

        login_data = {'j_username' : username, 'j_password' : password}

        #URL for posting login data

        login_url = base_url + login_action

        #URL for retrieving client token
        token_url = base_url + 'dataservice/client/token'

        sess = requests.session()
        
        #If the vmanage has a certificate signed by a trusted authority change verify to True
        login_response = sess.post(url=login_url, data=login_data, verify=False)
        if b'<html>' in login_response.content:
            print ("Login Failed")
            exit(0)
            
        #update token to session headers
        
        login_token = sess.get(url=token_url, verify=False)

        if login_token.status_code == 200:
            if b'<html>' in login_token.content:
                print ("Login Token Failed")
                exit(0)
            
            sess.headers['X-XSRF-TOKEN'] = login_token.content
            self.session[vmanage_host] = sess

 

 

8 REPLIES 8
Cisco Employee

Re: vManage API - GET works, POST fails

Hi, 

 

With 19.2 vManage version, API authentication is enhanced to include token in the POST/PUT/DELETE request Headers.

 

 

Once login(/j_security_check) is successful run GET request to retrieve token and add it to session headers of subsequent POST/PUT/DELETE requests. 

Method: GET

Request URL: https://vmanage-ip:vmanage-port/dataservice/client/token

Store the response XSRF-TOKEN in session headers using “sess.headers['X-XSRF-TOKEN'] = login_token.content”

 

Sample python code:

 

def login(self):
        
        base_url = 'https://%s:%s/'%(self.vmanage_host,self.vmanage_port)
        login_action = '/j_security_check'

        #Format data for loginForm

        login_data = {'j_username' : username, 'j_password' : password}

        #URL for posting login data

        login_url = base_url + login_action

        #URL for retrieving client token
        token_url = base_url + 'dataservice/client/token'

        sess = requests.session()
        
        #If the vmanage has a certificate signed by a trusted authority change verify to True
        login_response = sess.post(url=login_url, data=login_data, verify=False)
        if b'<html>' in login_response.content:
            print ("Login Failed")
            exit(0)
            
        #update token to session headers
        
        login_token = sess.get(url=token_url, verify=False)

        if login_token.status_code == 200:
            if b'<html>' in login_token.content:
                print ("Login Token Failed")
                exit(0)
            
            sess.headers['X-XSRF-TOKEN'] = login_token.content
            self.session[vmanage_host] = sess

 

 

Beginner

Re: vManage API - GET works, POST fails

Hi msuchand,


"With 19.2 vManage version, API authentication is enhanced to include token in the POST/PUT/DELETE request Headers."
From my understanding, it would mean that GET routes aren't affected if the token is missing

My problem is:
GET - /dataservice/client/about doesn't work without the token
GET- /dataservice/device/vedgeinventory/detail?status=deployed works without the token

 

Finally, when is this token required?
I thougth all GET would get their way through without it...

Thanks for the help,
Laurent.

Cisco Employee

Re: vManage API - GET works, POST fails

Hi Laurent, 

 

GET request should work without token. 

 

I tried https://{{vmanage}}:{{port}}/dataservice/client/about on my lab vManage running 19.2 release and didn't see any issue. 

 

Could you please let me know the error you are seeing. 

 

Thanks,
Sai

Cisco Employee

Re: vManage API - GET works, POST fails

Hello,

the only time I got a response was when using POSTMAN.

https://10.48.x.y/dataservice/client/about

 

response.png

Do we have some examples in cURL ?

Regards,

Danny

 

Cisco Employee

Re: vManage API - GET works, POST fails

Hello, 

 

I have tested the below sequence of curl commands and it works. 

 

curl --request POST -k -c 'cookies.txt' --url https://vmanage-ip-address/j_security_check --data 'j_username=username&j_password=password'

 

curl-k -b 'cookies.txt' --url https://vmanage-ip-address/dataservice/client/about

 

Thanks,
Sai

Beginner

Re: vManage API - GET works, POST fails

Hi Sai,

I tried the curl command as you said and got this:

 

 

curl --request POST -k -c 'cookies.txt' --url https://vmanage-ip-address/dataservice/j_security_check --data 'j_username=admin&j_password=admin'


curl -k -b 'cookies.txt' --url https://vmanage-ip-address/dataservice/client/about
<html><head><title>Error</title></head><body>SessionTokenFilter: Token provided via HTTP Header does not match the token generated by the server.</body></html>

 

Or more precisely:

curl -i -k -b 'cookies.txt' --url https://vmanage-ip-address/dataservice/client/about
HTTP/1.1 403 Forbidden
Cache-Control: no-cache, no-store, must-revalidate
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Date: Wed, 25 Sep 2019 12:40:33 GMT
Connection: keep-alive
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Type: text/html;charset=UTF-8
Content-Length: 159

<html><head><title>Error</title></head><body>SessionTokenFilter: Token provided via HTTP Header does not match the token generated by the server.</body></html>

 

 

However if I add the X-XSRF-TOKEN header it works:

curl -k -b 'cookies.txt' -H "X-XSRF-TOKEN:XXXX" --url https://vmanage-ip-address/dataservice/client/about
{"header":{},"data":{"title":"Cisco vManage","version":"Platform Version: 19.2.0","applicationVersion":"Application Version: 19.2R-vbamboo-14-Aug-2019 19:54:05 PDT","applicationServer":"Server: vmanage","copyright":"Copyright (c) 2019, Cisco. All rights reserved.","time":"2019-09-25 12:33:32,813","timeZone":"UTC","logo":"/dataservice/client/logo.png"}}


Is this normal that we need token for a GET request?

I'd like to avoid this token as much as possible since I only use GET methods of VManage api...

Thanks for the help,

Laurent.

Cisco Employee

Re: vManage API - GET works, POST fails

One can always look at the logfiles on the vManage to see which errors get generated.

I got the same error Token provided via HTTP Header does not match the token generated by the server using cURL.

The vmanage-server-rest.log show error.

 

25-Sep-2019 23:34:40,172 CEST WARN [vmanage] [DataServiceLoggingFilter] (default task-11) Unable to process request = /client/about from client = 10.24.23.107/admin!: java.io.IOException: UT010029: Stream is closed

 With the token cURL example you gave it works indeed.

 

M-82HC:~ dderidde$ curl -s -k -b 'cookies.txt' -H "X-XSRF-TOKEN:AB4C1C8F02AC42DCE1B672C86C23C8F5AE1211A976CC6589226D41829EBD022C84548390B351BA4CB22642AD16747D77C0A5" --url https://10.48.x.y/dataservice/client/about | python -m json.tool
{
"data": {
"applicationServer": "Server: vmanage",
"applicationVersion": "Application Version: 19.2R-vbamboo-14-Aug-2019 19:54:05 PDT",
"copyright": "Copyright (c) 2019, Cisco. All rights reserved.",
"logo": "/dataservice/client/logo.png",
"time": "2019-09-26 00:20:54,980",
"timeZone": "Europe/Brussels",
"title": "Cisco vManage",
"version": "Platform Version: 19.2.0"
},
"header": {}
}
M-82HC:~ dderidde$

 

 

Cisco Employee

Re: vManage API - GET works, POST fails

Hi Laurent, 

 

Sorry I missed that I had enabled whitelist on my lab vManage to skip token requirement. 

 

For whitelisting please reach out to TAC as suggested at link: https://www.cisco.com/c/en/us/td/docs/routers/sdwan/software/configuration/sdwan-xe-gs-book/sdwan-xe-gs-book_chapter_011.html

 

Thanks,
Sai

CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards