davidjblackburn
Participant

PowerShell API Login Not Returning UID

I've done at least a dozen API implementations in PowerShell. The instructions are standard.

https://sc1.checkpoint.com/documents/latest/APIs/index.html?#web/login~v1.5%20

When I run the login, the uid does not get returned.

$header = @{"content-Type"="application/json"}
$body =
"
{
""user"":""me"",
""password"":""mypassword""
}
"

$uri = "https://mymanager.here.com/web_api/login"
$result = Invoke-WebRequest -uri $uri -headers $header -Body $body -method post

$result.RawContent

HTTP/1.1 200 OK
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=EmulateIE8
X-Forwarded-Host-Port: 443
Transfer-Encoding: chunked
Content-Type: application/json
Date: Wed, 21 Jul 2021 23:30:11 GMT
Server: CPWS

{
"sid" : "TwYUh3EiZAbjK6D1gDB-3461a7HzYmDUVY0cT06susw",
"url" : "https://mymanager.here.com:443/web_api/v1.5",
"session-timeout" : 600,
"last-login-was-at" : {
"posix" : 1626910193164,
"iso-8601" : "2021-07-21T16:29-0700"
},
"read-only" : true,
"api-server-version" : "1.5"
}

0 Kudos
8 Replies
PhoneBoy
Admin

Sounds like a bug worthy of a TAC case, which I'm guessing was fixed at some point since R81.10 appears to return the uid.
Also tagging @Omer_Kleinstern.

Note that what's really important at least as far as calling the API is the sid.

davidjblackburn
Participant

Thanks PhoneBoy! We haven't run across each other since 1998. I hope you've been doing ok!

0 Kudos
PhoneBoy
Admin

Still at it 20+ years later. 🙂

0 Kudos
Bob_Zimmerman
Advisor

You're in read-only mode. Note the "read-only" : true at the bottom. Read-only sessions don't get a UUID, just a SID.

davidjblackburn
Participant

Well, rats. I suspected as much.
I'm an infosec guy and don't want much more access to the manager. But, I do like checking stuff often, like the threat protection.
Is there a document that lists the minimum access for the API functions?

https://sc1.checkpoint.com/documents/latest/APIs/index.html?#web/show-threat-protection~v1.5%20

0 Kudos
PhoneBoy
Admin

There is only one permission specific to the API: namely you can use it or not.
All other permissions are granted using the standard permission profile for your user.
I presume that particular API call is allowed based on whether your profile gives you access to Threat Prevention > Permissions > Protections or not. 

0 Kudos
PhoneBoy
Admin

That kinda makes sense, but it does point to an issue with the API documentation.
We should probably note that a UID won't be returned for a read-only session. 

0 Kudos
Bob_Zimmerman
Advisor

I mean, the only thing the UUID does is give you the ability to publish or discard the session. Can’t publish or discard a read-only session.

0 Kudos
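
Added example, not part of any post in this thread and not Check Point's own code: a PowerShell sketch of the flow discussed above, where the script logs in read-only, treats the uid as optional, authenticates later calls with the sid, and always logs out. The helper name Invoke-CpApi, the manager host name and the protection name are assumptions for illustration.

```powershell
# Added example. $Manager and the protection name are placeholders;
# Invoke-CpApi is a hypothetical helper defined here, not a Check Point cmdlet.
$ErrorActionPreference = 'Stop'   # stop on a failed login instead of continuing
$Manager = 'mymanager.here.com'
$Base    = "https://$Manager/web_api"

function Invoke-CpApi {
    param(
        [Parameter(Mandatory)][string]$Command,
        [hashtable]$Body = @{},
        [string]$Sid
    )
    $headers = @{}
    if ($Sid) { $headers['X-chkp-sid'] = $Sid }   # session token sent on every call after login
    Invoke-RestMethod -Uri "$Base/$Command" -Method Post -ContentType 'application/json' `
        -Headers $headers -Body ($Body | ConvertTo-Json -Depth 5)
}

$cred  = Get-Credential   # prompt instead of embedding the password in the script
$login = Invoke-CpApi -Command 'login' -Body @{
    user        = $cred.UserName
    password    = $cred.GetNetworkCredential().Password
    'read-only' = $true   # request a read-only session explicitly
}

try {
    # Per the thread, a read-only session returns a sid but no uid,
    # so test for the property rather than assuming it exists.
    $hasUid = [bool]$login.PSObject.Properties['uid']
    if ($login.'read-only' -and -not $hasUid) {
        Write-Verbose 'Read-only session: no uid, nothing to publish or discard.'
    }

    # Read call authenticated with the sid alone.
    $protection = Invoke-CpApi -Command 'show-threat-protection' -Sid $login.sid -Body @{
        name = '<protection-name>'   # placeholder, replace with a real protection name
    }
    $protection
}
finally {
    # End the session so the sid does not stay valid until the timeout.
    Invoke-CpApi -Command 'logout' -Sid $login.sid | Out-Null
}
```

Whether show-threat-protection succeeds still depends on the permission profile assigned to the account, as noted in the replies above.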