Solved: Re: "Payload is not a valid JSON" when bash script...

ias_gc-dk · ‎2020-02-03

Hi

I am trying to automate deployment of a new VSX firewall and I am having trouble getting the Checkpoint management server to accept my input. The firewall management is version 80.20 and I have no trouble logging in and getting the session-id. I have made it so that awk reads a file (default-host-objects.csv) containing object-names,ip-address and then executes a cURL command:

My test-script look like this:

cp_api_url="https://mgmt-station.net/web_api"

SID=`curl -s -k -H "Content-Type: application/json" -H "Accept: bla" -X POST "$cp_api_url/login" -d "{\"user\":\"admin-user\",\"password\":"\"admin-password"",\"domain\":\"test-domain\"}" | awk -F\" '/sid/ {print $4}'`

awk -F, -v aSID="$SID" -v cpurl="$cp_api_url" '{ system("curl -k -H \"Content-Type: application/json\" -H \"X-chkp-sid: "aSID"\" -X POST -d \"{ \"name\": \""$1"\", \"ip-address\": \""$2"\" }\" "cpurl"/add-host") }' default-host-objects.csv

The result I get is this:

{
"code" : "generic_err_invalid_syntax",
"message" : "Payload is not a valid JSON"
}

---

I also tried manually to create the objects by these commands:

curl -k -H Content-Type: application/json -H X-chkp-sid: <insert sid> -X POST -d { name: testserver1, ip-address: 1.2.3.4 } https://mgmt-station.net/web_api/add-host

or

curl -k -H "Content-Type: application/json" -H "<insert sid>" -X POST -d "{ "name": "testserver1", "ip-address": "1.2.3.4" }" https://mgmt-station.net/web_api/add-host

Both with the same result:

{
"code" : "generic_err_invalid_syntax",
"message" : "Payload is not a valid JSON"
}

What am I doing wrong?

masher · ‎2020-02-04

Try putting putting your data in single quotes:

# curl -k -H "Content-Type: application/json" -H "X-chkp-sid: ${SID}" \ 
-X POST -d '{"name": "test1", "ip-address": "10.10.10.10"}' https://mgmt_server/web_api/add-host

Output:

{
"uid" : "f0b7bdf9-ac56-46a3-8cf2-9687012afc89",
"name" : "test1",
"type" : "host",
"domain" : {
"uid" : "41e821a0-3720-11e3-aa6e-0800200c9fde",
"name" : "SMC User",
"domain-type" : "domain"
},
"ipv4-address" : "10.10.10.10",
"interfaces" : [ ],
"nat-settings" : {
"....

View solution in original post

PhoneBoy · ‎2020-02-03

You have to enable API Access first.
See: https://community.checkpoint.com/t5/API-CLI-Discussion-and-Samples/Enabling-web-api/m-p/32641#M2011

ias_gc-dk · ‎2020-02-03

API access is already enabled. Otherwise I wouldn't be able to login in and get a session-id, would I?

ias_gc-dk · ‎2020-02-03

I just checked the API status:

# api status

API Settings:
---------------------
Accessibility: Require all granted
Automatic Start: Enabled

Processes:

Name State PID More Information
-------------------------------------------------
API Started 23009
CPM Started 21940 Check Point Security Management Server is running and ready
FWM Started 22231
APACHE Started 5568

Port Details:
-------------------
JETTY Internal Port: 50276
APACHE Gaia Port: 443

--------------------------------------------
Overall API Status: Started
--------------------------------------------

API readiness test SUCCESSFUL. The server is up and ready to receive connections

----

The management-server part is set to "Anyhost" in the GUI.

ias_gc-dk · ‎2020-02-04

just tried it with the allow all ip addreses set. no difference:

{
"code" : "generic_err_invalid_syntax",
"message" : "Payload is not a valid JSON"
}

Is there a log somewhere, where I can see more details as to why it thinks the payload is not valid JSON?

masher · ‎2020-02-04

Try putting putting your data in single quotes:

# curl -k -H "Content-Type: application/json" -H "X-chkp-sid: ${SID}" \ 
-X POST -d '{"name": "test1", "ip-address": "10.10.10.10"}' https://mgmt_server/web_api/add-host

Output:

{
"uid" : "f0b7bdf9-ac56-46a3-8cf2-9687012afc89",
"name" : "test1",
"type" : "host",
"domain" : {
"uid" : "41e821a0-3720-11e3-aa6e-0800200c9fde",
"name" : "SMC User",
"domain-type" : "domain"
},
"ipv4-address" : "10.10.10.10",
"interfaces" : [ ],
"nat-settings" : {
"....

ias_gc-dk · ‎2020-02-05

I just tried that, same result.

Then I tried using the jq tool to format the JSON for me and then pass it to awk, to make sure JSON was formatted correctly. Granted I told jq to format it on one line (using -c), but the same result comes up.

Then I went basic, I did a little script that just logs into mgmt-server and then generates what I believe is the correct command so I could manually enter the command one by one: I ended up with this command:

curl -k -H "Content-Type: application/json" -H "X-chkp-sid: gLlxu0y9oG541DCyQmOPc1hPX0UiA_1111111111111" -X POST -d '{"name":"test1","ip-address":"10.10.10.10"}' https://mgmt_server/web_api/add-host

As far as I can see, the JSON is formatted correctly, but I still get the usual error-message:

{
"code" : "generic_err_invalid_syntax",
"message" : "Payload is not a valid JSON"
}

I am starting to think there is something malfunctioning with the management-servers API, because I have no problems posting to REST-api's on other systems using JSON formatting, e.g. Netbox.

ias_gc-dk · ‎2020-02-05

hmm.. seems this was the solution after all.

After trying back and forth, I tried the same command again, just for the h.. of it and it suddenly worked.

I'll see where this takes me, thanks,

ias_gc-dk · ‎2020-02-05

btw, I found this article on how to quote single-quotes inside a script:

https://stackoverflow.com/questions/1250079/how-to-escape-single-quotes-within-single-quoted-strings

perhaps its useful for others.

Are you a member of CheckMates?

"Payload is not a valid JSON" when bash scripting with cURL