cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

Accessing the Cisco PSIRT openVuln API Using curl

5806
Views
26
Helpful
2
Comments

The following are step-by-step instructions on how to access the Cisco PSIRT openVuln API.

Step 1: Access the Cisco API console at: https://apiconsole.cisco.com


Step 2: Login with your CCO credentials (login is only available to registered Cisco customers and partners).


Step 3: Register your application and obtain your client credentials.


Step 4: Once you register your application and obtain your client ID and client secret, the next step is to obtain an authorization token. Authorization tokens in the Cisco PSIRT openVuln API are valid for one (1) hour. The following example demonstrates how to get the token using the curl utility.

curl -s -k -H "Content-Type: application/x-www-form-urlencoded" -X POST -d "client_id=<client_id>" -d "client_secret=<client_secret>" -d "grant_type=client_credentials" https://cloudsso.cisco.com/as/token.oauth2

For example:

omar@omar:~$ curl -s -k -H "Content-Type: application/x-www-form-urlencoded" -X POST -d "client_id=XXXXXXXX" -d "client_secret=YYYYYYYY" -d "grant_type=client_credentials" https://cloudsso.cisco.com/as/token.oauth2

{"access_token":"ytuopLCGZxBFN5O0hnL1M2QX2QVp","token_type":"Bearer","expires_in":3599}

Step 5: Make API calls to https://api.cisco.com/security/... The following example uses the curl command to retrieve CVRF files for all Cisco Security Advisories.

curl -X GET -s -k -H "Accept: application/json" -H "Authorization: Bearer uayEoKBrv0nfjrUavwix1ye8ZoNO" https://api.cisco.com/security/advisories/cvrf/all

The following example demonstrates how to obtain the latest 10 advisories:

curl -X GET -s -k -H "Accept: application/json" -H "Authorization: Bearer uayEoKB

rv0nfjrUavwix1ye8ZoNO" https://api.cisco.com/security/advisories/cvrf/latest/10


For more information about the available RESTful resource URIs and the Cisco PSIRT openVuln API visit: Cisco DevNet: PSIRT

Comments
visxu
Cisco Employee

The KEY means client_id, CLIENT SECRET means client_secret, right ?
But I got 401 response

{
    "error_description": "Invalid client or client credentials.",
    "error": "invalid_client"
}

20200804111222.png

visxu
Cisco Employee

I created a another new application and it works with the new id and secret.
In the second creation, I just choose only one Grant Type : "Client Credentials"

Content for Community-Ad

This widget could not be displayed.