Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
CC_one
Participant

API WebServices show-access-layer returning 404 Not Found

Jump to solution

Hi,

when requesting show-access-layer via Postman collection I get a 404 Not Found .

"code": "generic_err_object_not_found",
    "message": "Requested object [883e9de5-7c9e-4779-8c4e-1a3b8c6aa007] not found"

 

When trying to show-access-layers I get Status 200 with empty result

    "access-layers": [],
    "total": 0

 

When running the same commands from SmartConsole Commandline I get a result showing layer or layers.

 

API Version is V1.5 Management Server R80.30.

 

Do I miss something ?  Any Ideas ?

0 Kudos
1 Solution

Accepted Solutions
CC_one
Participant

Hi Jim,

I solved my Problem. It was lack of user rights. My API Webservices User is a read only user in contrast mgmt_cli user had more rights. 

What confused me was the output, not stating there is a lack of user rights and returning nothing .

Thanks for help.

 

CC_one

View solution in original post

6 Replies
Jim_Oqvist
Employee
Employee

Hi,

It looks like you enabled the API for retrieving request from external sources since you get a 200 OK for show-access-layers

But you need to provide more information.

  1. Are you using a postman collections from here
  2. How did you get the UID for the show-access-layer and are you using the correct UID?
  3. Why are you not using name for show-access-layer?
  4. Are you logging in to a MDS or a SMS?
  5. If you are logging into a MDS are you providing a domain parameter when sending the API login request?

Kind Regards
Jim

 

0 Kudos
CC_one
Participant

Hi Jim,

not really. 200 is only the Postman http return status. 

1. Yes. Other Web Service requests , for example show-host are working as expected. I'm pretty sure Postman and API are working as expected.

2. I get the UID from the mgmt_cli where the command show acces-layers returns the UIDs of my layers

3. I used name in show-acces-layer with same result.

4. I have not done the setup, as far as I know SMS. How can I be sure ? mgmt_cli show domains returns  nothing....

5. .... I've set value of show global-domain as domain parameter in the API login request. Same result as without.

 

Kind Regards

CC_one

 

0 Kudos
Jim_Oqvist
Employee
Employee

Hi,

If you see this icon in the middle bottom of SmartConsole it means that you are connected to a domain management server in a MDS
domain.png

and youre login payload should look like this in postman

{
  "user" : "aa",
  "password" : "aaaa",
  "domain" : "Domain Name"
}




If you just see this it means that you are connected to a SMS
sms.png
and your login payload should look like this in posman

{
  "user" : "aa",
  "password" : "aaaa"
}

 

It would help if you post the API requests and their payloads you are using in postman as well ass the command you used in the mgmt_cli to get the UID.

Kind Regards
Jim

0 Kudos
CC_one
Participant

Hi Jim,

I solved my Problem. It was lack of user rights. My API Webservices User is a read only user in contrast mgmt_cli user had more rights. 

What confused me was the output, not stating there is a lack of user rights and returning nothing .

Thanks for help.

 

CC_one

View solution in original post

Jim_Oqvist
Employee
Employee

Hi am glad to hear that your issue was resolved. But I am not sure I understand what caused it and what was the solution.

Using a read only user you are able to list layers and see the content of the layer using the API. 

This is from mgmt_cli but it works in exactly the same way when using Postman.

[Expert@sms69:0]# # add admin with Read Only permissions
[Expert@sms69:0]# mgmt_cli -r true -d "System Data" -f json add administrator name "ro_user" password "vpn123" must-change-password false authentication-method "check point password" permissions-profile "Read Only All"
{
  "uid" : "f69cfa69-93cc-40d0-aaf9-2a964291ebb1",
  "name" : "ro_user",
  "type" : "administrator",
  "domain" : {
    "uid" : "a0eebc99-afed-4ef8-bb6d-fedfedfedfed",
    "name" : "System Data",
    "domain-type" : "mds"
  },
  "email" : "",
  "phone-number" : "",
  "authentication-method" : "check point password",
  "must-change-password" : false,
  "permissions-profile" : {
    "uid" : "f4a23218-5bb9-4880-94bb-9c06b951f195",
    "name" : "Read Only All",
    "type" : "PermissionRole",
    "domain" : {
      "uid" : "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
      "name" : "Check Point Data",
      "domain-type" : "data domain"
    }
  },
  "sic-name" : "",
  "comments" : "",
  "color" : "black",
  "icon" : "General/Administrator",
  "tags" : [ ],
  "meta-info" : {
    "lock" : "unlocked",
    "validation-state" : "ok",
    "last-modify-time" : {
      "posix" : 1605866490731,
      "iso-8601" : "2020-11-20T11:01+0100"
    },
    "last-modifier" : "WEB_API",
    "creation-time" : {
      "posix" : 1605866490731,
      "iso-8601" : "2020-11-20T11:01+0100"
    },
    "creator" : "WEB_API"
  },
  "read-only" : true
}


---------------------------------------------
Time: [11:01:32] 20/11/2020
---------------------------------------------
"Publish operation"  succeeded  (100%)
[Expert@sms69:0]# # Show access layers with Read Only permissions
[Expert@sms69:0]# mgmt_cli -u ro_user -p vpn123 show-access-layers
access-layers:
- uid: "63b7fe60-76d2-4287-bca5-21af87337b0a"
  name: "Network"
  type: "access-layer"
  domain:
    uid: "41e821a0-3720-11e3-aa6e-0800200c9fde"
    name: "SMC User"
    domain-type: "domain"
from: 1
to: 1
total: 1

[Expert@sms69:0]# # Show access layer network with Read Only permissions
[Expert@sms69:0]# mgmt_cli -u ro_user -p vpn123 show-access-layer name Network
uid: "63b7fe60-76d2-4287-bca5-21af87337b0a"
name: "Network"
type: "access-layer"
domain:
  uid: "41e821a0-3720-11e3-aa6e-0800200c9fde"
  name: "SMC User"
  domain-type: "domain"
shared: false
applications-and-url-filtering: false
content-awareness: false
mobile-access: false
firewall: true
implicit-cleanup-action: "drop"
comments: ""
color: "black"
icon: "ApplicationFirewall/rulebase"
tags: []
meta-info:
  lock: "unlocked"
  validation-state: "ok"
  last-modify-time:
    posix: 1579509785872
    iso-8601: "2020-01-20T09:43+0100"
  last-modifier: "System"
  creation-time:
    posix: 1579509785831
    iso-8601: "2020-01-20T09:43+0100"
  creator: "System"
read-only: false

[Expert@sms69:0]#

 

Kind Regards

Jim

0 Kudos
CC_one
Participant

Hi Jim,

  Basically I had/have 2 User .  First is my admin User with Read/Write. I used this user for cli request with success.For all kind of requests.

Second user was/is a  User "api_user" with a custom permission-profile with read only. I Used "api_user" with Postman. It turned out my custom permission-profile lacks some permissions for example when reading layer information.

I changed api_user's permission-profile to the build in "Read Only All" et voila I get layer Information via Postman and Webservices.

I'm afraid I wasted your Time 😞 .... I made classical beginner failures.

1 Failure: Using 2 different User and awaiting same result

2 Failure: Not using build in permission-profile for first test

3 Failure: Awaiting a correct error . Something like " Not enough User Rights....." would have given me a hint. Instead cp returned  "code": "generic_err_object_not_found",
   "message": "Requested object [883e9de5-7c9e-4779-8c4e-1a3b8c6aa007] not found". Or even worse, returning an empty response and no failure at all. In case of show-access-     layers this was the answer :"access-layers": [], "total": 0.

 

Regards CC_one

 

0 Kudos