Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
523
Views
0
Helpful
3
Replies

Cisco PSIRT openVuln not able to make API calls

1487452
Level 1
Level 1

‎05-25-2023 10:29 AM

Hi,

I just started using the openVuln API, I have registered for the API access, I am having trouble with the second step in the documentation for making API calls. I was able to get the OAuth token by using the first step of the documentation, I have used my OAuth token to make API calls but I am getting a blank output and nothing is happening. Can any one please let me know how I can resolve this.

 

curl -X GET -s -k -H "Accept: application/json" -H "Authorization: Bearer <my_token>" 'https://apix.cisco.com/security/advisories/v2/cve/CVE-2018-0124'

 

 

 

 

0 Helpful
3 Replies 3

PR Oxman
Cisco Employee
Cisco Employee

‎05-25-2023 04:00 PM

Hello,

   The format of your call looks correct.  Are you behind a proxy by chance?  Just trying calling

    curl --dump-header - 'https://apix.cisco.com/security/advisories/v2/cve/CVE-2018-0124'

    to see what response you get and isolate out the call is making it through.

- Paul.

0 Helpful

1487452
Level 1
Level 1
In response to PR Oxman

‎05-25-2023 10:05 PM

Hello,

I am not using any proxy, this is the response that I got when I ran the command.

curl: (35) OpenSSL/3.0.8: error:0A000152:SSL routines::unsafe legacy renegotiation disabled

I enabled it by updading my openssl config with 

 

openssl_conf = openssl_init

[openssl_init]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
Options = UnsafeLegacyServerConnect

this was the message after updaing the openssl config

 

HTTP/1.1 403 Forbidden
X-Mashery-Message-ID: 7562017f-ce37-4b5d-962f-4002c8a772f0
X-Error-Detail-Header: Not Authorized
X-Mashery-Error-Code: ERR_403_NOT_AUTHORIZED
Content-Type: text/xml
Date: Fri, 26 May 2023 05:02:38 GMT
Content-Length: 69

<h1>Authorization Header is either empty or not found in request</h1>%

 

I tried to make API call again and it didn't work this time either.

Thanks,

 

 

0 Helpful

PR Oxman
Cisco Employee
Cisco Employee
In response to 1487452

‎05-25-2023 10:57 PM - edited ‎05-25-2023 11:28 PM

Hello,

What error or response are you getting after you made those changes; when you make the API call?

Can you send the output please. Mask your keys/tokens etc using the following:

CLIENT_ID=your_key
CLIENT_PASS=your_secret

Then you can obtain the token:

TOKEN=$(curl -s -k -H "Content-Type: application/x-www-form-urlencoded" -X POST -d 'client_id='"$CLIENT_ID"'' -d 'client_secret='"$CLIENT_PASS"'' -d "grant_type=client_credentials" https://id.cisco.com/oauth2/default/v1/token | python3 -m json.tool | awk -F'"' '/access_token/{print $4}')

Then make an API request:
curl --request GET --url https://apix.cisco.com/security/advisories/v2/latest/1 --header 'Accept: application/json' --header 'Authorization: Bearer '"$TOKEN"''

And post that response please.

Thanks.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents