Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Options

API Usage

I am trying to automate some items via the API but keep having some issues with authorization.

I can get a successful login via the API.
{
"$success": true,
"body_object": {
"data": {
"emailAddresss": "postmaster",
"licenseCodes": "ESEC,EPROT,EAVSN,ECOMP,SANDBOX,TCLICK",
"nextView": "/reports_dashboard.html?origin=login",
"orgUnit": null,
"role": "admin",
"serialNumber": "SERIAL",
"token": "TOKEN VALUE",
"username": "USERNAME"
},
"msg": null,
"msgType": "SUCCESS",
"userMsg": null
},
"body_string": "{"msgType":"SUCCESS","msg":null,"userMsg":null,"data":{"username":"USEARNAME","emailAddresss":"EMAIL ADDRESS","orgUnit":null,"role":"admin","serialNumber":"SERIAL","licenseCodes":"ESEC,EPROT,EAVSN,ECOMP,SANDBOX,TCLICK","token":"TOKEN VALUE","nextView":"/reports_dashboard.html?origin=login"}}",
"headers": {
"Access-Control-Allow-Credentials": "true",
"Access-Control-Allow-Methods": "GET, POST, PUT, DELETE, OPTIONS, HEAD",
"Access-Control-Allow-Origin": "*",
"Connection": "keep-alive",
"Content-Length": "621",
"Content-Security-Policy": "default-src 'none'; connect-src 'self'; img-src 'self' 'unsafe-inline' data: ; style-src 'self' 'unsafe-inline'; media-src 'self'; frame-ancestors 'none'; font-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval';object-src 'self'",
"Content-Type": "application/json",
"Date": "Fri, 07 Jun 2024 19:33:43 GMT",
"Keep-Alive": "timeout=60",
"Referrer-Policy": "same-origin",
"Set-Cookie": "JSESSIONID=C3693141E3BD0E3EAA37C75CF954E64A; Path=/; Secure; HttpOnly; SameSite=Strict",
"Strict-Transport-Security": "max-age=63072000; includeSubdomains;",
"X-Content-Type-Options": "nosniff",
"X-Powered-By": "SonicWALL",
"X-Xss-Protection": "1; mode=block"
},
"status": 200
}



But when I try to GET or similair, it states I have NO_ACCESS.

My request looks like this.

{
  "body_any": "",
  "body_object": {},
  "headers": {
    "Accept": "application/json",
    "Authorization": "TOKEN VALUE FROM ABOVE",
    "Content-type": "application/json",
    "Cookie": "JSESSIONID=C3693141E3BD0E3EAA37C75CF954E64A",
    "Host": "HOST VALUE"
  },
  "route": "/api/address-book/blocked"
}

data='{"msgType":"NO_ACCESS","msg":"Invalid User","userMsg":"Invalid User"}', preset='username_password'

Am I missing something in the header or body?

Category: Email Security Appliances
Reply

Answers

  • Options
    JNolanJNolan Newbie ✭
    edited June 10

    Resolved…

    Put in the full URL for the route parameter.

Sign In or Register to comment.