I've been having trouble using the Qualys API recently. It's been working great for many months, but recently, something seems to have changed. I can log in to the web UI fine, but I can't authenticate to the Qualys API. I've browsed these forums with little luck but have been using the API v2 and v1 guides as references. What has worked in the past no longer seems to work, so here's some info:
- The Web UI confirms that API access is enabled for the given user.
- Neither the HTTP basic auth nor session-based auth methods seem to work.
- I'm using the same username and password for both the web and API logins. I've also ensured that no special characters in the password field interfere with my shell commands (such as &, !, $, etc.)
Here's some command-line output:
$ curl -H "X-Requested-With: Curl Sample" -d "action=login&username=myuser&password=mypassword" "https://qualysapi.qualys.com/api/2.0/fo/session/"
$ curl -u "myuser:mypassword" -H "X-Requested-With: Curl Sample" "https://qualysapi.qualys.com/api/2.0/fo/report/?action=list"
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM "https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
$ curl -u "myuser:mypassword" -H "X-Requested-With: Curl Sample" "https://qualysapi.qualys.com/msp/about.php"
What puzzles me is the error code returned by the first request (code 2010). On page 380 of the API V1 documentation, error code 2010 indicates that my "User account is not authorized to perform this function". How am I not authorized to login? Please let me know what I might be doing wrong. Thank you for your time.