REST API - problem with special signs in api admin password

There were some discussions in the past about special signs in the REST API admin password. For instance https://community.sophos.com/xg-firewall/f/discussions/124256/sophos-xg-firewall-rest-api-authentication-with-special-characters

Today I found this:

When I used this password on XG with 18.0.4

QQ88Yjhjk&JKH87Etw.65

I got this message: <Status code="529">Input request file is Invalid</Status>

If I used the name and password to log in via the GUI (Internet Explorer), I was successful.

I found out that the & sign was the reason. When I substitute it with another sign (\), I am able to use the REST API with the account ...



This thread was automatically locked due to age.
  • FormerMember

    Hi,

    Thank you for reaching out to Sophos Community.

    I'll check this internally and will update the thread.

  • Hello,

    you can use the encrypted password in your API call:

    Get the encrypted password on the CLI:

    opcode GetEncripted_PasswordFor_API -t json -b '{"password":"_*whateverpasswordisbeingused*_"}' -ds nosync

    Use it in API call:

    <Request> <Login> <Username>Username</Username> <Password passwordform='encrypt'>Encrypted_Password</Password> </Login> </Request>

    See:

       

  • FormerMember

    Hi,

    '&' is used as an argument separator in a URL.

    You need to use '%26amp;' in place of '&' in the password while running the API through the browser.

    Use QQ88Yjhjk%26amp;JKH87Etw.65 in the string.

    xx.xx.xx.xx:4444/.../APIControllerQQ88Yjhjk%26amp;JKH87Etw.65</Password></Login></Request>

    For other special characters, you need to use their URL-encoded values. You can find the encoded values at the URL below.

    www.w3schools.com/.../ref_urlencode.ASP

    For other special characters, you just need to replace a special character with its encoded value.

    E.g., if the password contains #, then just replace the character with %23

    Password: abc#def

    Password in API string: abc%23def
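
The two encoding layers described in the last reply, as an added example that is not part of the original thread and is not Sophos code: the password is XML-escaped first and the whole request is then percent-encoded, which is why `&` ends up as `%26amp;` while `#` only needs `%23`. The parameter name `reqxml`, the user name `admin` and the `receive` function (a simplified model of URL and XML parsing) are assumptions.

```python
from urllib.parse import quote, unquote
from xml.sax.saxutils import escape
import xml.etree.ElementTree as ET

PARAM = "reqxml"  # assumed query parameter name; the thread elides the URL
TEMPLATE = ("<Request><Login><Username>{u}</Username>"
            "<Password>{p}</Password></Login></Request>")

def naive_query(user, password):
    """No encoding at all, as when the password is pasted in as-is."""
    return PARAM + "=" + TEMPLATE.format(u=user, p=password)

def url_only_query(user, password):
    """Percent-encoded, but the XML inside still holds a bare '&'."""
    return PARAM + "=" + quote(TEMPLATE.format(u=user, p=password), safe=";")

def encoded_query(user, password):
    """XML-escape first ('&' -> '&amp;'), then percent-encode ('&' -> '%26').
    ';' is left literal so the result matches the '%26amp;' form in the thread."""
    xml = TEMPLATE.format(u=escape(user), p=escape(password))
    return PARAM + "=" + quote(xml, safe=";")

def receive(query):
    """Simplified model of the receiving side (an assumption, not Sophos code):
    cut the fragment at '#', split parameters at '&', percent-decode, parse XML.
    Returns the recovered password, or None if the request is malformed."""
    query = query.split("#", 1)[0]
    params = dict(part.partition("=")[::2] for part in query.split("&"))
    if PARAM not in params:
        return None
    try:
        root = ET.fromstring(unquote(params[PARAM]))
    except ET.ParseError:
        return None
    return root.findtext("Login/Password")

if __name__ == "__main__":
    # Passwords taken from the thread; "admin" is a constructed user name.
    for pw in ("QQ88Yjhjk&JKH87Etw.65", "abc#def"):
        for build in (naive_query, url_only_query, encoded_query):
            print(pw, build.__name__, "->", receive(build("admin", pw)))
```

In this model a password with `&` is rejected when only percent-encoded, because the decoded XML contains a bare `&`; a password with `#` survives percent-encoding alone.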