Showing results for 
Search instead for 
Did you mean: 

PSIRT OpenVuln API authentication issue

I am trying to use the openvulnquery python script and I am getting a 401. I also have been trying to use curl as shown in the documentation ( to test the credentials and this is not working either. I have registered two apps in the API console with client credentials. The python script is passing the credentials. 

Is this service working for others? I am pretty sure I have this all setup correctly. Just not sure what is wrong. Any pointers? 

Seb Rupik
VIP Advisor

Hi there,

A quick test shows it is currently working in postman.


Can you share your python code which deals with creating the OpenVulnQueryClient object which manages the API connection.


You may also want to read this:




Here is the curl I am using: (venv)chris.young@prdch3nix01 /home/networkteam/intermapper> curl -s -k -H "Content-Type: application/x-www-form-urlencoded" -X POST -d "client_id=fx7ynshh8j4ud3f9zxpXXXXX" -d "client_secret=Y3ZA7BxmWsYsqsZNrcUXXXXX" -d "grant_type=client_credentials"
{"error_description":"Invalid client or client credentials","error":"invalid_client"} <- I obfuscated the client_id and secret. this is what I get


For python code - I am using the provided openvulnquery code from github and I have created a credentials.json file with the credentials and passed them as an argument. I also tried editing the - neither worked. 


(venv)chris.young@prdch3nix01 /home/networkteam/intermapper> openVulnQuery --config credentials.json --all
Traceback (most recent call last):
File "/home/networkteam/intermapper/venv/bin/openVulnQuery", line 11, in <module>
File "/home/networkteam/intermapper/venv/lib/python3.4/site-packages/openVulnQuery/_library/", line 58, in main
client = query_client.OpenVulnQueryClient(**client_cfg)
File "/home/networkteam/intermapper/venv/lib/python3.4/site-packages/openVulnQuery/_library/", line 73, in __init__
client_id, client_secret, request_token_url=self.auth_url)
File "/home/networkteam/intermapper/venv/lib/python3.4/site-packages/openVulnQuery/_library/", line 22, in get_oauth_token
File "/home/networkteam/intermapper/venv/lib/python3.4/site-packages/requests/", line 909, in raise_for_status
raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 401 Client Error: Unauthorized for url:

cat credentials.json
"CLIENT_ID": "fx7ynshh8j4ud3f9zxpXXXXX",

Two different registered apps, two sets of credentials. Same result. 


API Console app settings



Hi Chris,

I've got to hand it to you, your testing certainly is thorough!


I have just tried to create a new application at for the PSIRT API, but the API is no longer available to me....thankfully I still have my old application registered so have retained access.


I can only suggest that you raise a support ticket with cisco as this appears to be some backend issue.

@Omar Santos can you shed any light on the status of the PSIRT API?






 I tested with your python script too!

Hi @chris.young ,


I think that I have reproduced this problem and reported it to the API development team. They are looking into this now. I am expecting a resolution/answer today. I will provide an update here (once I get one) and I will contact you directly now to troubleshoot further.




@Omar Santos  - thanks for your assistance!


I worked with the development team for both the PSIRT OpenVuln API and the Services API. We thought that we were able to reproduce your problem, but we are successful after many new registration of applications/client creds. Can you please try one more time to get new client credentials and or send me a direct message so that I can give you a couple to test?

@Omar Santos 


Either something was fixed or third times the charm on registering apps. 

The first two registrations did not work. The new one I created today worked!


Thanks @Omar Santos and @Seb Rupik for your assistance.

Content for Community-Ad