cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
9702
Views
27
Helpful
13
Replies

PSIRT - openVuln API Authorization Error

rdediana
Cisco Employee
Cisco Employee

Hello PSIRT API team.

any assistance, or guidance, with regards to the below "Not Authorized" response from the openVuln API REST request would be greatly appreciated.

oAuth2.0 Token request

client_id=vjjw9...p9d4bs&grant_type=client_credentials&client_secret=PhdNGK...ThNF3A

Url: https://cloudsso.cisco.com/as/token.oauth2

<Response [200]>

<<class 'requests.cookies.RequestsCookieJar'>[<Cookie PF=b7Y6PySpJjVrPP96S6HA1w for cloudsso.cisco.com/>]>

openVuln API request

URL: https://api.cisco.com/security/advisories/cvrf/all

{'Authorization': 'Bearer b7Y6PySpJjVrPP96S6HA1w'}

[Request: Return Headers]{'Content-Length': '23', 'X-Mashery-Error-Code': 'ERR_403_NOT_AUTHORIZED', 'Server': 'Mashery Proxy', 'X-Error-Detail-Header': 'Not Authorized', 'X-Mashery-Message-ID': '6e4f0ecd-e8ad-47dd-8425-fe4aff058f6f', 'Connection': 'close', 'Date': 'Sat, 19 Mar 2016 18:22:30 GMT', 'Content-Type': 'text/xml'}

[Request: Return Content] <h1>Not Authorized</h1>

Also tried with Postman...

1 Accepted Solution

Accepted Solutions

Dave,

Sorry it took so long, docker issues.

Here's the code:

#!/usr/local/bin/python

import oauth2 as oauth

import json

import urllib.request

print('OAuth example into Cisco.com')

consumer = oauth.Consumer(key="yourclientidhere",secret="yourclientsecrethere")

request_token_url = "https://cloudsso.cisco.com/as/token.oauth2?grant_type=client_credentials&client_id=yourclientidhere&client_secret=yourclientsecrethere"

client = oauth.Client(consumer)

resp, content = client.request(request_token_url, "POST")

print(content)

j = json.loads(content.decode('utf-8'))

print(j['access_token'])

req = urllib.request.Request('https://api.cisco.com/security/advisories/cvrf/all')

req.add_header('Accept','application/json')

req.add_header('Authorization','Bearer '+j['access_token'])

resp = urllib.request.urlopen(req)

adv = resp.read()

advdata = json.loads(adv.decode('utf-8'))

for advisory in advdata['advisories']:

    print(advisory)

View solution in original post