AnsweredAssumed Answered

Problems accessing Asset View / Asset Management API

Question asked by strasser on May 18, 2020
Latest reply on May 20, 2020 by strasser

Dear Qualys Community


I'm reaching out to you concerning issues I have with accessing the AssetView / Asset Management API.


  • I can use the v1 and v2 VM/PC API without any problems.
  • When trying to access the AM API, I keep on getting "Authentication Failed" error messages.


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="" xsi:noNamespaceSchemaLocation="">
    <errorMessage>Authentication Failed</errorMessage>
    <errorResolution>Verify both 'user' and 'password' credentials.</errorResolution>


Here's the example script doing three API calls

  • VM/PC v1 API -> works
  • VM/PC v2 API -> works
  •  AM API -> fails


Please be aware that we use two-factor authentication with username / password plus client certificates through a proxy. Therefore we use the URLs. However, you can ignore these aspects, since the TLS handshake works well for all three calls, so the error must be coming from somewhere else…


# Server and API URLs / URIs
$baseURL = ""
$APIVMv1URI = ""
$APIVMv2URI = ""

# Authentication Credentials
$thumbprint = "3EAEDCE020CBEF18CE8B74D0667A7FCB462D2203"
$username = "username"
$password = "password"
$qualysBasicAuth = $pair = "$($qualysUsername):$($qualysPassword)"
$encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($qualysBasicAuth))
$basicAuthValue = "Basic $encodedCreds"
$certificate = Get-ChildItem -Path cert:\CurrentUser\My\$thumbprint
$assetid = "33267945"

$Headers = @{
Authorization = $basicAuthValue

$ProxyUri = [Uri]$null
$Proxy = [System.Net.WebRequest]::GetSystemWebProxy()
if ($Proxy) {
   $Proxy.Credentials = [System.Net.CredentialCache]::DefaultCredentials
   $ProxyUri = $Proxy.GetProxy("$baseURL")
   [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

   # VM API v1 call
   $response = Invoke-RestMethod -Headers $Headers -Uri "$APIVMv1URI/ticket_list.php?since_ticket_number=46000" -Method Post -Proxy $proxyUri -ProxyUseDefaultCredentials -Certificate $certificate
   write-host $response.InnerXml

   # VM API v2 call
  # Log in
  $body = "action=login&username=$qualysUsername&password=$qualysPassword"
   $websession = $null
   $response = Invoke-RestMethod -Headers $Headers -Uri "$APIVMv2URI/session/" -Method Post -Body $body -Proxy $proxyUri -ProxyUseDefaultCredentials -Certificate $certificate -SessionVariable websession
   write-host $response.InnerXml
   # API call
   $response = Invoke-RestMethod -Headers $Headers -Uri "$APIVMv2URI/asset/host/?action=list&truncation_limit=100" -Method Post -Proxy $proxyUri -ProxyUseDefaultCredentials -WebSession $websession
   write-host $response.InnerXml
   # Log out
   $response = Invoke-RestMethod -Headers $Headers -Uri "$APIVMv2URI/session/?action=logout" -Method Post -Proxy $proxyUri -ProxyUseDefaultCredentials -WebSession $websession
   write-host $response.InnerXml

   # AM API call
   $response = Invoke-RestMethod -Headers $Headers -ContentType "text/xml" -Uri "$APIAMURI/get/am/hostasset/$assetid" -Method Get -Proxy $proxyUri -ProxyUseDefaultCredentials -Certificate $certificate
   write $response.InnerXml