This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
ias_gc-dk
Contributor
‎2020-02-03 11:33 AM
Jump to solution

"Payload is not a valid JSON" when bash scripting with cURL

Hi

I am trying to automate deployment of a new VSX firewall and I am having trouble getting the Checkpoint management server to accept my input. The firewall management is version 80.20 and I have no trouble logging in and getting the session-id. I have made it so that awk reads a file (default-host-objects.csv) containing object-names,ip-address and then executes a cURL command:

My test-script look like this:

cp_api_url="https://mgmt-station.net/web_api"

SID=`curl -s -k -H "Content-Type: application/json" -H "Accept: bla" -X POST "$cp_api_url/login" -d "{\"user\":\"admin-user\",\"password\":"\"admin-password"",\"domain\":\"test-domain\"}" | awk -F\" '/sid/ {print $4}'`

awk -F, -v aSID="$SID" -v cpurl="$cp_api_url" '{ system("curl -k -H \"Content-Type: application/json\" -H \"X-chkp-sid: "aSID"\" -X POST -d \"{ \"name\": \""$1"\", \"ip-address\": \""$2"\" }\" "cpurl"/add-host") }' default-host-objects.csv

The result I get is this:

{
"code" : "generic_err_invalid_syntax",
"message" : "Payload is not a valid JSON"
}

---

I also tried manually to create the objects by these commands:

curl -k -H Content-Type: application/json -H X-chkp-sid: <insert sid> -X POST -d { name: testserver1, ip-address: 1.2.3.4 } https://mgmt-station.net/web_api/add-host

or

curl -k -H "Content-Type: application/json" -H "<insert sid>" -X POST -d "{ "name": "testserver1", "ip-address": "1.2.3.4" }" https://mgmt-station.net/web_api/add-host

Both with the same result:

{
"code" : "generic_err_invalid_syntax",
"message" : "Payload is not a valid JSON"
}

What am I doing wrong?

1 Solution

Accepted Solutions
masher
Employee
Employee
‎2020-02-04 09:22 AM
In response to ias_gc-dk
Jump to solution

Try putting putting your data in single quotes:

# curl -k -H "Content-Type: application/json" -H "X-chkp-sid: ${SID}" \ 
-X POST -d '{"name": "test1", "ip-address": "10.10.10.10"}' https://mgmt_server/web_api/add-host

Output:

{
"uid" : "f0b7bdf9-ac56-46a3-8cf2-9687012afc89",
"name" : "test1",
"type" : "host",
"domain" : {
"uid" : "41e821a0-3720-11e3-aa6e-0800200c9fde",
"name" : "SMC User",
"domain-type" : "domain"
},
"ipv4-address" : "10.10.10.10",
"interfaces" : [ ],
"nat-settings" : {
"....

 

View solution in original post

8 Replies
PhoneBoy
Admin
Admin
‎2020-02-03 11:36 PM
Jump to solution

You have to enable API Access first.
See: https://community.checkpoint.com/t5/API-CLI-Discussion-and-Samples/Enabling-web-api/m-p/32641#M2011
0 Kudos
ias_gc-dk
Contributor
‎2020-02-03 11:37 PM
In response to PhoneBoy
Jump to solution

API access is already enabled. Otherwise I wouldn't be able to login in and get a session-id, would I?

0 Kudos
ias_gc-dk
Contributor
‎2020-02-03 11:57 PM
In response to ias_gc-dk
Jump to solution

I just checked the API status:

 

# api status

API Settings:
---------------------
Accessibility: Require all granted
Automatic Start: Enabled

Processes:

Name State PID More Information
-------------------------------------------------
API Started 23009
CPM Started 21940 Check Point Security Management Server is running and ready
FWM Started 22231
APACHE Started 5568

Port Details:
-------------------
JETTY Internal Port: 50276
APACHE Gaia Port: 443


--------------------------------------------
Overall API Status: Started
--------------------------------------------

API readiness test SUCCESSFUL. The server is up and ready to receive connections

 

----

The management-server part is set to "Anyhost" in the GUI.

ias_gc-dk
Contributor
‎2020-02-04 05:55 AM
In response to PhoneBoy
Jump to solution

just tried it with the allow all ip addreses set. no difference:

{
"code" : "generic_err_invalid_syntax",
"message" : "Payload is not a valid JSON"
}

Is there a log somewhere, where I can see more details as to why it thinks the payload is not valid JSON?

0 Kudos
masher
Employee
Employee
‎2020-02-04 09:22 AM
In response to ias_gc-dk
Jump to solution

Try putting putting your data in single quotes:

# curl -k -H "Content-Type: application/json" -H "X-chkp-sid: ${SID}" \ 
-X POST -d '{"name": "test1", "ip-address": "10.10.10.10"}' https://mgmt_server/web_api/add-host

Output:

{
"uid" : "f0b7bdf9-ac56-46a3-8cf2-9687012afc89",
"name" : "test1",
"type" : "host",
"domain" : {
"uid" : "41e821a0-3720-11e3-aa6e-0800200c9fde",
"name" : "SMC User",
"domain-type" : "domain"
},
"ipv4-address" : "10.10.10.10",
"interfaces" : [ ],
"nat-settings" : {
"....

 

ias_gc-dk
Contributor
‎2020-02-05 05:24 AM
In response to masher
Jump to solution

I just tried that, same result.

Then I tried using the jq tool to format the JSON for me and then pass it to awk, to make sure JSON was formatted correctly.  Granted I told jq to format it on one line (using -c), but the same result comes up.

Then I went basic, I did a little script that just logs into mgmt-server and then generates what I believe is the correct command so I could manually enter the command one by one: I ended up with this command:

 

curl -k -H "Content-Type: application/json" -H "X-chkp-sid: gLlxu0y9oG541DCyQmOPc1hPX0UiA_1111111111111" -X POST -d '{"name":"test1","ip-address":"10.10.10.10"}' https://mgmt_server/web_api/add-host

 

As far as I can see, the JSON is formatted correctly, but I still get the usual error-message:

{
"code" : "generic_err_invalid_syntax",
"message" : "Payload is not a valid JSON"
}

I am starting to think there is something malfunctioning with the management-servers API, because I have no problems posting to REST-api's on other systems using JSON formatting, e.g. Netbox.

0 Kudos
ias_gc-dk
Contributor
‎2020-02-05 05:44 AM
In response to ias_gc-dk
Jump to solution

hmm.. seems this was the solution after all.

After trying back and forth, I tried the same command again, just for the h.. of it and it suddenly worked.

I'll see where this takes me, thanks,

0 Kudos
ias_gc-dk
Contributor
‎2020-02-05 06:30 AM
In response to masher
Jump to solution

btw, I found this article on how to quote single-quotes inside a script:

 

https://stackoverflow.com/questions/1250079/how-to-escape-single-quotes-within-single-quoted-strings

perhaps its useful for others.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events