Python API works on 7.0 but not on 6.5

HKI

I wrote a python Api to authenticate and get statuses from the firewall. Authentication works on all firewalls (i) 470 and 470W with 7.0 OS (ii) 400W with 6.5.4 OS.

But after authentication success, a GET on any APi end point (e.g. /reporting/wireless/status or /reporting/interfaces/ipv4/status) returns HTTP 406 error on the 400W with 6.5 OS. Any idea why or how to resolve this?

Jaime

Hi @HKI,

Please take a look at the 6.5.4.x SonicOS API YAML document here:
https://sonicos-api.sonicwall.com/sonicos_files/6.5.4.8-89n/TZ-400W/sonicos_openapi.yml

According to the document, /reporting/interfaces/ipv4/ is there, but /reporting/interfaces/ipv4/status is not.

You may be able to find a suitable endpoint using that document. I did a bit of searching, but have not located one. You may be able to use the /direct/cli endpoint on GEN6 to send an equivalent CLI command. Even with CLI commands, I am not finding a great equivalent command. The closest I've seen is "show interface X1 ip", which I don't think is what you are looking for.

HKI

I fixed the headers and found that some API end points work in Gen6 API with 6.5.4.x firmware e.g. /reporting/wireless/status.

Is there any equivalent of /reporting/interfaces/ipv4/status in Gen6 API Firmware?

Veraniti

Hi,

Can you please share your working code? I'm trying to write a similar app using SonicOS 7 (Not SonicOSX), and after any successful authentication, every following request gets a 401 response…

My code is based on an answer from this forum:

class sonicapi:
def __init__(self, hostname, port, username, password):
self.baseurl = 'https://{0}:{1}/api/sonicos/'.format(hostname, str(port))
self.authinfo = (username, password)
self.headers = OrderedDict([
('Accept', 'application/json'),
('Content-Type', 'application/json'),
('Accept-Encoding', 'application/json'),
('Charset', 'UTF-8')])

def auth(self):
controller = 'auth'
url = self.baseurl + controller
r = requests.post(url, auth=self.authinfo, headers=self.headers, verify=False)
if r.status_code != 200:
return r.status_code
else:
response = r.json()
return response

def getIPv4AddressObjects(self):
controller = 'address-objects/ipv4'
url = self.baseurl + controller
r = requests.get(url, auth=self.authinfo, headers=self.headers, verify=False)
if r.status_code != 200:
return r.status_code
else:
response = r.json()
return response

def main():
s = sonicapi('1.2.3.4', 443, os.environ.get("SONICWALL_API_USER",""), os.environ.get("SONICWALL_API_PASS",""))
print(s.getIPv4AddressObjects())
main()

And the output:
> python3 sonicwall_client.py
Auth
URL:  https://1.2.3.4/api/sonicos/auth
b'{\n    "status": {\n        "success": true,\n\n        "info": [\n            { "level": "info", "code": "E_OK", "auth_code": "API_AUTH_USER_CAN_MGMT", "read_only": "No", "privilege": "FULL_ADMIN", "model": "NSv 270", "inactivity_timer": 15, "session_limit": 30, "show_status": true, "heart_beat_interval_second": 120, "popup_window": true, "user_protocol": "HTTPS", "mgmt_protocol": "HTTPS", "message": "Login as a user." }\n        ]\n    }\n }\n'
Reading existing policies
URL:  https://1.2.3.4/api/sonicos/security-policies/ipv4
401 b'{\n    "status": {\n        "success": false,\n\n        "info": [\n            { "level": "error", "code": "E_UNAUTHORIZED", "message": "Unauthorized." }\n        ]\n    }\n }\n'

Jaime

https://community.sonicwall.com/technology-and-support/discussion/comment/22669#Comment_22669

Hi @Veraniti, the API response "message": "Login as a user." suggests you just need to send a POST to the /start-management endpoint. The user is logged in, but "as a user" rather than an admin. Alternatively, enabling the "go straight to management" option on the SonicWall Administrators group should log you right in without sending a request to /start-management. However, this affects web logins as well so logins from an administrator would go right to management instead of the intermediate window/page with the button to begin management.