AnsweredAssumed Answered

API not returning anything but status code 200 OK code and header/tags etc.

Question asked by Greg Gelman on Apr 28, 2020
Latest reply on Apr 28, 2020 by Keith Shaw

I am beginning to use the Qualys API and am seeing success in authentication and using sessions to pull API endpoints but it seems I am only gathering the same information everytime I run the API.  I am using Windows and Invoke-WebRequest for this to get this off the ground.



$Global:X_Requested_With = 'Company Name'

$Global:ApiRootRoute = ''

$Headers = @{"X-Requested-With"=$X_Requested_With}

$PostParameters = @{action='login';username='username';password='password'}

Invoke-WebRequest -Method POST -Body $PostParameters -SessionVariable $Session -Uri "$ApiRootRoute/session/"


Doing the same thing for other endpoints as well.

$PostParameters = @{action='list';echo_request=1;show_args=1;show_op=1}

Invoke-WebRequest -Method POST -Body $PostParameters -SessionVariable $Session -Uri "$ApiRootRoute/scan/"



I get the same result for every Invoke-WebRequest I try:


StatusCode  : 200


StatusDescription : OK

Content : <!DOCTYPE HTML>



<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

<meta name="robots" content="NOODP" />

<meta name="robots" content="NOINDEX, NOFOLLOW" />


RawContent : HTTP/1.1 200 OK

Strict-Transport-Security: max-age=63072000;,max-age=31536000; includeSubDomains

X-XSS-Protection: 1; mode=block

X-Content-Type-Options: nosniff

X-Frame-Options: SAMEORIGIN


Forms : {}

Headers : {[Strict-Transport-Security, max-age=63072000;,max-age=31536000; includeSubDomains], [X-XSS-Protection, 1;

mode=block], [X-Content-Type-Options, nosniff], [X-Frame-Options, SAMEORIGIN]...}

Images : {}

InputFields : {}

Links : {@{innerHTML=;

innerText=; outerHTML=<A style="FONT-SIZE: 12pt"



outerText=; tagName=A; style=FONT-SIZE: 12pt;

href=; target=_blank}}

ParsedHtml : mshtml.HTMLDocumentClass

RawContentLength : 3339


Am I doing something wrong here?