Getting Started with Cisco APIs

vs_cisco · ‎12-12-2021

Trying this for the first time:

1- I created My Apps & Keys

2- Setup everything in Postman.

3- This is basically my code:

import requests

url = "https://cloudsso2.cisco.com/as/token.oauth2"

payload='response_type=code&grant_type=client_credentials&client_id=THIS IS THE KEY&client_secret=THIS IS THE SECRET'
headers = {
  'Content-Type': 'application/x-www-form-urlencoded',
  'Cookie': 'PF=xxxxxxxx
}

response = requests.request("POST", url, headers=headers, data=payload)

print(response.text)

I get the following error:

{
    "error_description": "Invalid client or client credentials.",
    "error": "invalid_client"
}

What am I missing here; isn't "KEY" = client_id? Or is that a different value?

Quick update: I deleted it app, recreated it and now I'm getting this:

{
    "error": "unauthorized_client"
}

Thank you.

Seb Rupik · ‎12-12-2021

Hi there,

You need to pass the client_id and client_secret in the header. The request should look like:

response = requests.post(url, verify=False, data={"grant_type": "client_credentials"},
                             headers={"Content-Type": "application/x-www-form-urlencoded"},
                             params={"client_id": API_TOKEN_CLIENT_ID, "client_secret": API_TOKEN_CLIENT_PASS})

I wrote a blog post here which may help: http://cs7networks.co.uk/2019/07/12/interacting-with-cisco-apis/

cheers,

Seb.

vs_cisco · ‎12-13-2021

Still not working, tried to follow your blog instructions but keep getting 'unauthorized_client' or some other message. That is what I thought that these should be sent in the header but Cisco docs confused me a bit. Any ways I tried sending everything in the header and same results:

import requests

url = "https://cloudsso.cisco.com/as/token.oauth2"

payload = {}
headers = {
  'Content-Type': 'application/x-www-form-urlencoded',
  'Cookie': 'PF=lKxxxxxxx',
  'grant_type': 'client_credentials',
  'client_id': 'xxxxxxxxxxxxx',
  'client_secret': 'vvvvvvvvvvvvvv'
}

response = requests.post(url, headers=headers, data=payload)

print(response.text)

I get this:

{"error_description":"grant_type is required","error":"invalid_request"}

Seb Rupik · ‎12-13-2021

What API are you trying to access? If it is sometyhing on the Cisco API Console, have to registered for access?

cheers,

Seb.

vs_cisco · ‎12-13-2021

Cisco PSIRT openVuln API: Cisco PSIRT openVuln API

But I haven't really gotten that far yet. I can't even generate a token using the script. Little more progress:

InsecureRequestWarning: Unverified HTTPS request is being made to host 'cloudsso.cisco.com'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warnings
  warnings.warn(

Seb Rupik · ‎12-13-2021

The PSIRT openVuln API used to be available to everyone, but at some point cisco restricted access. It doesn't even show up when I browse for it under available APIs, but thankfully I still have access. I would check if you can access the API before you go any further.

You can suppress that warning with the following:

requests.packages.urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

cheers,

Seb.

vs_cisco · ‎12-13-2021

Thanks, I will try that. I need to go through all that token generation process just to get information on EoL stuff?

Seb Rupik · ‎12-13-2021

Sadly yes. When you get it working it is a sweet solution. An alternative I have considered (but not got very far on) is to hoover up the details https://tools.cisco.com/security/center/publicationListing.x

Here it is: https://github.com/sebrupik/endlessninth/blob/master/cvrf_scape.py ... feel free to make a pull request!!

cheers,

Seb.

vs_cisco · ‎12-13-2021

Whew man this is rough. I have worked with few other vendor APIs and they are just so much easier. Just generating an API token is a night mare with Cisco.

So I have been able to get rid of the "verification error" and back to "unauthorized_client".

import requests
from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
url = 'https://cloudsso.cisco.com/as/token.oauth2'
CLIENT_ID = '22222222222'
CLIENT_PASS = '33333333333333'

headers = {"Content-Type": "application/x-www-form-urlencoded"
           }

payload = {"client_id": CLIENT_ID,
           "client_secret": CLIENT_PASS,
           "grant_type": "client_credentials"
           }

response = requests.post(url,headers=headers, data=payload)
print(response.text)

I see the payload data includes all the required values and I have the client_id and client_secret from under My Apps and Keys. What am I doing wrong?

{"error":"unauthorized_client"}

Seb Rupik · ‎12-14-2021

The client id and client secret must be passed as parameters:

payload = {"grant_type": "client_credentials"}
headers_d = {"Content-Type": "application/x-www-form-urlencoded"}
params_d = {"client_id": CLIENT_ID, 
            "client_secret": CLIENT_PASS}

response = requests.post(url, verify=False, data=payload, headers=headers_d, params=params_d)

cheers,

Seb

emares · ‎10-10-2023

Did you find an answer for this question?

"What am I missing here; isn't "KEY" = client_id? Or is that a different value?"

I don't quite understand where to get the client id from.

bigevilbeard · ‎10-11-2023

@emares Register your application and obtain your client credentials, your client ID and client secret.

Please mark this as helpful or solution accepted to help others
Connect with me https://bigevilbeard.github.io