
Sophos XG API "encrypt" Authentication not working in API version 1701.1?

I am having issues authenticating to the API using the "encrypt" authentication method; however, I am able to get it to work with the "plain" method. Below is an example of the URLs that I'm using, both those that work and those that don't.

After exporting my credentials and getting the encrypted password from CSV, I noticed that the password appeared to have HTML encoded characters at the end, so that is why I tried both of the below (thinking that the encrypted password was actually encrypted then base64 encoded or something...). Neither of the below entries work:

1.1.1.1:4444/.../APIController APIVersion="1701.1"><Login><Username>' + _myUser + '</Username><Password passwordform="encrypt">tGTB8Ih7pMLYT5HVrVXd0A%3D%3D</Password></Login></Request>
1.1.1.1:4444/.../APIController APIVersion="1701.1"><Login><Username>' + _myUser + '</Username><Password passwordform="encrypt">tGTB8Ih7pMLYT5HVrVXd0A==</Password></Login></Request>
 
The below entry DOES successfully authenticate and work as expected though (and I have other API calls using the "plain" method where I am creating IP hosts, etc., so I know I am getting the XML correctly formatted), so I am not sure what I am doing wrong between the two:
 
1.1.1.1:4444/.../APIController APIVersion="1701.1"><Login><Username>' + _myUser + '</Username><Password passwordform="plain">test1234</Password></Login></Request>
 
NOTE: I am using Python and the "requests" library to make these requests
 
I have checked the API documentation and it says that this should work but I just cannot seem to get it to authenticate properly for me.


This thread was automatically locked due to age.
  • If you are referring to authenticating via "encrypt", make sure you are getting the encrypted password from Backup & Firmware > Import export > Export > Export selective configuration > User export & not the one on the Users page.  I have not tested this on older versions, but I know it works on SFOS 18.0.0 GA-Build354.

     

    I am currently using the following on v18:

     

    ip_address:admin_port/.../APIController passwordform="encrypt">encrypted_password</Password></Login><Get><SDWANPolicyRoute><Filter><key name="Name" criteria="like">policy_name</key></Filter></SDWANPolicyRoute></Get></Request>
  • Wanted to say the same. Using Encrypted Password option and it worked quite nicely for years. 

    I will retest the process and point out that we need some more info in the docs.

  • Hi,

    Thanks for letting me know. I've used the encrypted password from "System > Backup & firmware > Import export > Export" and can confirm it works.

    It would be nice if Sophos could tell us how to encrypt the password in code, i.e., is it Base64 encoded, etc.

    Thanks
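
An added example, not part of any post in this thread and not Sophos code: one way to build the `<Login>` request from the thread in Python so that the exported password is sent in a single, consistent encoding and the username is XML-escaped instead of concatenated into the string. The function names are hypothetical, and treating the exported value as Base64-shaped text is an assumption based only on the sample value quoted in the question.

```python
import base64
import binascii
import xml.etree.ElementTree as ET
from urllib.parse import quote, unquote


def normalize_exported_password(value: str) -> str:
    """Return the exported value in raw form (trailing '==', not '%3D%3D')."""
    raw = unquote(value.strip())  # undo CSV percent-encoding; raw input is unchanged
    try:
        # Assumption: the export is Base64-shaped, as the thread's sample is.
        base64.b64decode(raw, validate=True)
    except binascii.Error as exc:
        raise ValueError("exported password is not valid Base64") from exc
    return raw


def build_login_request(username: str, password: str, form: str = "encrypt",
                        api_version: str = "1701.1") -> str:
    """Build the <Request><Login> document; ElementTree escapes the values."""
    if form not in ("plain", "encrypt"):
        raise ValueError("passwordform must be 'plain' or 'encrypt'")
    request = ET.Element("Request", APIVersion=api_version)
    login = ET.SubElement(request, "Login")
    ET.SubElement(login, "Username").text = username
    pw = ET.SubElement(login, "Password", passwordform=form)
    pw.text = normalize_exported_password(password) if form == "encrypt" else password
    return ET.tostring(request, encoding="unicode")


def as_query_value(xml_doc: str) -> str:
    """Percent-encode the document exactly once, for a hand-built URL."""
    return quote(xml_doc, safe="")


if __name__ == "__main__":
    # Sample value taken from the question above; the username is constructed.
    doc = build_login_request("api_user", "tGTB8Ih7pMLYT5HVrVXd0A%3D%3D")
    print(doc)
    print(as_query_value(doc))
```

If the document is passed to `requests` through `params=`, the library percent-encodes it itself, so `as_query_value` should only be used when the URL is assembled by hand.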