https://community.splunk.com/t5/Splunk-SOAR/SOAR-HTTP-app-to-Cisco-Secure-Endpoint-API/m-p/674683#M1377 <P>I'm trying to set up the HTTP app to access the CIsco Secure Endpoint API (v3).&nbsp; I've generated the access token following the instructions found <A href="https://developer.cisco.com/docs/secure-endpoint/#!authentication/5-access-secure-endpoint-api" target="_self">here</A>.&nbsp; &nbsp; I can send a curl request in POSTMAN, using the access token, to get organisation details.&nbsp; So I know the access token is ok:</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><LI-CODE lang="markup">curl -s 'https://api.amp.cisco.com/v3/organizations?size=10' \ --header "Authorization: Bearer eyJhbGciOiJ....."</LI-CODE><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>When I enter the same value in the access_token field in the HTTP app and test connectivity, I always receive the following error status code:</P><P>error&nbsp;<SPAN>401 Data from server: {"errors":["Missing token"]}</SPAN></P><P>I'm not sure what to enter for the Type of Authentication Token, so maybe that's where I'm messing it up.&nbsp; I think it should be Bearer, because that's the only thing in POSTMAN header other than the token itself.</P><P>Note that I haven't entered anything in any of the other authentication fields (username, password, url, Client ID, Client Secret).&nbsp; And also - I get the same error if I don't enter anything in the access token field.&nbsp; Basically, it's just ignored.</P> Thu, 18 Jan 2024 14:59:53 GMT m22oswald 2024-01-18T14:59:53Z https://community.splunk.com/t5/Splunk-SOAR/SOAR-HTTP-app-to-Cisco-Secure-Endpoint-API/m-p/674683#M1377 <P>I'm trying to set up the HTTP app to access the CIsco Secure Endpoint API (v3).&nbsp; I've generated the access token following the instructions found <A href="https://developer.cisco.com/docs/secure-endpoint/#!authentication/5-access-secure-endpoint-api" target="_self">here</A>.&nbsp; &nbsp; I can send a curl request in POSTMAN, using the access token, to get organisation details.&nbsp; So I know the access token is ok:</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><LI-CODE lang="markup">curl -s 'https://api.amp.cisco.com/v3/organizations?size=10' \ --header "Authorization: Bearer eyJhbGciOiJ....."</LI-CODE><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>When I enter the same value in the access_token field in the HTTP app and test connectivity, I always receive the following error status code:</P><P>error&nbsp;<SPAN>401 Data from server: {"errors":["Missing token"]}</SPAN></P><P>I'm not sure what to enter for the Type of Authentication Token, so maybe that's where I'm messing it up.&nbsp; I think it should be Bearer, because that's the only thing in POSTMAN header other than the token itself.</P><P>Note that I haven't entered anything in any of the other authentication fields (username, password, url, Client ID, Client Secret).&nbsp; And also - I get the same error if I don't enter anything in the access token field.&nbsp; Basically, it's just ignored.</P> Thu, 18 Jan 2024 14:59:53 GMT https://community.splunk.com/t5/Splunk-SOAR/SOAR-HTTP-app-to-Cisco-Secure-Endpoint-API/m-p/674683#M1377 m22oswald 2024-01-18T14:59:53Z https://community.splunk.com/t5/Splunk-SOAR/SOAR-HTTP-app-to-Cisco-Secure-Endpoint-API/m-p/674765#M1382 <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Carloszavala121_0-1705621107014.png" style="width: 400px;"><img src="https://community.splunk.com/t5/image/serverpage/image-id/29014i0DAED7436ADB91EA/image-size/medium?v=v2&amp;px=400" role="button" title="Carloszavala121_0-1705621107014.png" alt="Carloszavala121_0-1705621107014.png" /></span></P><P>Hello, apparently in SOAR the token section is optional, an idea would be that you do not enter anything in the token but you do enter the necessary credentials to carry out your request, in this case your username and password</P> Thu, 18 Jan 2024 23:40:28 GMT https://community.splunk.com/t5/Splunk-SOAR/SOAR-HTTP-app-to-Cisco-Secure-Endpoint-API/m-p/674765#M1382 Carloszavala121 2024-01-18T23:40:28Z https://community.splunk.com/t5/Splunk-SOAR/SOAR-HTTP-app-to-Cisco-Secure-Endpoint-API/m-p/674766#M1383 <P>Another solution that I would do to solve the problem would be with an executed actions in this case a code within a flow make the request through python code where the same url enter the token like this example</P><P><SPAN class="">import</SPAN><SPAN> requests url = </SPAN><SPAN class="">'<A href="https://api.amp.cisco.com/v3/organizations?size=10" target="_blank" rel="noopener">https://api.amp.cisco.com/v3/organizations?size=10</A>'</SPAN><SPAN> headers = { </SPAN><SPAN class="">'Authorization'</SPAN><SPAN>: </SPAN><SPAN class="">'Bearer eyJhbGciOiJ.....'</SPAN> <SPAN class=""># Asegúrate de reemplazar esto con tu token real</SPAN><SPAN> } </SPAN><SPAN class=""># Realizar la petición GET</SPAN><SPAN> response = requests.get(url, headers=headers) </SPAN><SPAN class=""># Verificar si la petición fue exitosa (código de estado 200)</SPAN> <SPAN class="">if</SPAN><SPAN> response.status_code == </SPAN><SPAN class="">200</SPAN><SPAN>: </SPAN><SPAN class=""># Imprimir la respuesta JSON</SPAN> <SPAN class="">print</SPAN><SPAN>(response.json()) </SPAN><SPAN class="">else</SPAN><SPAN>: </SPAN><SPAN class=""># Imprimir el código de estado y el mensaje de error en caso de falla</SPAN> <SPAN class="">print</SPAN><SPAN>(</SPAN><SPAN class="">f'Error: <SPAN class="">{response.status_code}</SPAN> - <SPAN class="">{response.text}</SPAN>'</SPAN><SPAN>)</SPAN></P> Thu, 18 Jan 2024 23:44:36 GMT https://community.splunk.com/t5/Splunk-SOAR/SOAR-HTTP-app-to-Cisco-Secure-Endpoint-API/m-p/674766#M1383 Carloszavala121 2024-01-18T23:44:36Z