Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
alexkog
Explorer

New to API

Hi guys

i am new to API world and i am trying ti automate some basic staff.

i am trying to work with the python script provided here https://sc1.checkpoint.com/documents/latest/APIs/#introduction~v1.5%20 and just cant figure it out.

the firest error i got is :

Error(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:852)'),))

i am manged to pass it by adding verify=False to the r = requests.post func.

next error is:

simplejson.errors.JSONDecodeError: Expecting value: line 1 column 1 (char 0).

 

what am i doing wrong and what is the best way to debug it ?

 

tnx

 
 
 
0 Kudos
4 Replies
Bob_Zimmerman
Advisor

I'm not terribly familiar with Python, so I'm not sure what could be wrong there. Is there any particular language you are comfortable with? There's probably somebody on the forum who could write a similar script in that language to help get you started. Here's basically the same script in PowerShell, which I know a bit better:

 

$username = "my_username"
$password = "secret"
$managementServer = "192.168.65.2"
$chkpSID = ""

function Invoke-cpapiCall {
	param (
		[string]$apiPoint,
		[Hashtable]$callBody = @{}
	)
	
	$callResult = Invoke-WebRequest `
	-Uri "https://${managementServer}/web_api/${apiPoint}" `
	-ContentType "application/json"`
	-Method POST `
	-Headers @{"x-chkp-sid"=$chkpSID} `
	-Body $($callBody | ConvertTo-Json -Compress) `
	-SkipCertificateCheck `
	| ConvertFrom-Json -AsHashtable
	
	if ($apiPoint -eq "logout") {
		$chkpSID = ""
	}
	return $callResult
}

$loginBody = @{user=$username;password=$password}
$loginResult = Invoke-cpapiCall -apiPoint "login" -callBody $loginBody
$chkpSID = $loginResult["sid"]
Write-Host "Session ID: ${chkpSID}"

$newHostBody = @{name="new host name";"ip-address"="192.168.1.1"}
$newHostResult = Invoke-cpapiCall -apiPoint "add-host" -callBody $newHostBody
Write-Host "add-host result:`n$($newHostResult | ConvertTo-Json)`n"

$publishResult = Invoke-cpapiCall -apiPoint "publish"
Write-Host "publish result:`n$($publishResult | ConvertTo-Json)`n"

$logoutResult = Invoke-cpapiCall -apiPoint "logout"
Write-Host "logout result:`n$($logoutResult | ConvertTo-Json)"

 

This one keeps the request bodies as PowerShell hash tables by default. I like PowerShell because it comes with things like Invoke-WebRequest and Convert(To|From)-Json without needing to import any external libraries.

0 Kudos
alexkog
Explorer

Hi and tnx for reply

 

powershell is not an option since i am running the script from ubuntu server.

 

tnx

0 Kudos
aheilmaier
Explorer

I have not used the api outside mgmt_cli of the mgmt console. So I can not answer your original question.

If you want to give  powershell a Try, powershell Core is available for linux. There are *.deb packages available from microsoft.

0 Kudos
Bob_Zimmerman
Advisor

Yep! I'm actually running PowerShell on my Mac where I do all my other development work. 😉

That earlier code is kind of gross. Global variables and all that. I only spent ~20 minutes writing and testing it, though. Here's a version with somewhat better encapsulation:

class CheckPointApiConnection {
	[String]$ManagementServer
	hidden [String]$CheckPointApiSid = ""
	
	CheckPointApiConnection(
		[String]$mgmtServer,
		[String]$User,
		[String]$Pass,
		[Boolean]$readOnly
	) {
		$this.ManagementServer = $mgmtServer
		$loginBody = @{user=$User;password=$Pass;"read-only"=$readOnly}
		$loginResult = $this.ApiCall("login", $loginBody, $false)
		$this.CheckPointApiSid = $loginResult["sid"]
	}
	
	[Hashtable] ApiCall(
		[String]$ApiPoint
	) {
		return $this.ApiCall($ApiPoint, @{}, $false)
	}
	
	[Hashtable] ApiCall(
		[String]$ApiPoint,
		[Hashtable]$Body
	) {
		return $this.ApiCall($ApiPoint, $Body, $false)
	}
	
	[Hashtable] ApiCall(
		[String]$ApiPoint,
		[Boolean]$PrintResult
	) {
		return $this.ApiCall($ApiPoint, @{}, $PrintResult)
	}
	
	[Hashtable] ApiCall(
		[String]$ApiPoint,
		[Hashtable]$Body,
		[Boolean]$PrintResult
	) {
		$CallResult = Invoke-WebRequest `
		-Uri "https://$($this.ManagementServer)/web_api/${ApiPoint}" `
		-ContentType "application/json"`
		-Method POST `
		-Headers @{"x-chkp-sid"=$($this.CheckPointApiSid)} `
		-Body $($Body | ConvertTo-Json -Compress) `
		-SkipCertificateCheck
		
		if ($apiPoint -eq "logout") {
			$this.CheckPointApiSid = ""
		}
		if ($PrintResult) {
			Write-Host "${ApiPoint} result:`n${CallResult}`n"
		}
		return ($CallResult | ConvertFrom-Json -AsHashtable)
	}
}

$apiConnection = [CheckPointApiConnection]::new("192.168.65.2", "my_username", "secret", $false)

$newHostBody = @{name="new host name";"ip-address"="192.168.1.1"}
$newHostResult = $apiConnection.ApiCall("add-host", $newHostBody, $true)

$publishResult = $apiConnection.ApiCall("publish", $true)

$logoutResult = $apiConnection.ApiCall("logout", $true)

I'm not as familiar with methods in PowerShell objects as I am with functions. It feels like all those signatures for ApiCall could probably be consolidated down with optional arguments, or default values. I'm not sure if I can add argument names to method calls. That would cost a little verbosity, but greatly improve clarity at the call site.

This also doesn't have any error handling or disposal handling. For example, if you remove the object for the API connection, it should call logout to cleanly close the session on the management side.

0 Kudos