AnsweredAssumed Answered

Does Session authentication work for all API calls

Question asked by charles robbins on Jul 17, 2019
Latest reply on Jul 17, 2019 by Busby

I have started trying to use session authentication instead of basic authentication. Using curl and the cookie I can create reports using:

/api/2.0/fo/report/

 

Bu if I try and use:

/qps/rest/2.0/search/am/asset , passing it the cookie with curl using -c "cookie file"

 

I get:

100   310    0   261  100    49    116     21  0:00:02  0:00:02 --:--:--   138
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM "https://qualysapi.qualys.eu/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2019-07-17T12:13:48Z</DATETIME>
    <TEXT>Logged in</TEXT>
  </RESPONSE>
</SIMPLE_RETURN>
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   724    0   504  100   220    733    320 --:--:-- --:--:-- --:--:--  1053
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.eu/qps/xsd/2.0/am/asset.xsd">
  <responseCode>AUTH_CREDENTIALS_NEEDED</responseCode>
  <responseErrorDetails>
    <errorMessage>Login and password are required</errorMessage>
    <errorResolution>Make sure to pass &apos;user&apos; and &apos;password&apos; as request headers.</errorResolution>
  </responseErrorDetails>
</ServiceResponse>

 

 

So my question is, should session authentication work for all API calls?

 

thanks

Charles

Outcomes