- CheckMates
- :
- Products
- :
- Developers
- :
- API / CLI Discussion
- :
- Re: "Payload is not a valid JSON" when bash script...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
"Payload is not a valid JSON" when bash scripting with cURL
Hi
I am trying to automate deployment of a new VSX firewall and I am having trouble getting the Checkpoint management server to accept my input. The firewall management is version 80.20 and I have no trouble logging in and getting the session-id. I have made it so that awk reads a file (default-host-objects.csv) containing object-names,ip-address and then executes a cURL command:
My test-script look like this:
cp_api_url="https://mgmt-station.net/web_api"
SID=`curl -s -k -H "Content-Type: application/json" -H "Accept: bla" -X POST "$cp_api_url/login" -d "{\"user\":\"admin-user\",\"password\":"\"admin-password"",\"domain\":\"test-domain\"}" | awk -F\" '/sid/ {print $4}'`
awk -F, -v aSID="$SID" -v cpurl="$cp_api_url" '{ system("curl -k -H \"Content-Type: application/json\" -H \"X-chkp-sid: "aSID"\" -X POST -d \"{ \"name\": \""$1"\", \"ip-address\": \""$2"\" }\" "cpurl"/add-host") }' default-host-objects.csv
The result I get is this:
{
"code" : "generic_err_invalid_syntax",
"message" : "Payload is not a valid JSON"
}
---
I also tried manually to create the objects by these commands:
curl -k -H Content-Type: application/json -H X-chkp-sid: <insert sid> -X POST -d { name: testserver1, ip-address: 1.2.3.4 } https://mgmt-station.net/web_api/add-host
or
curl -k -H "Content-Type: application/json" -H "<insert sid>" -X POST -d "{ "name": "testserver1", "ip-address": "1.2.3.4" }" https://mgmt-station.net/web_api/add-host
Both with the same result:
{
"code" : "generic_err_invalid_syntax",
"message" : "Payload is not a valid JSON"
}
What am I doing wrong?
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Try putting putting your data in single quotes:
# curl -k -H "Content-Type: application/json" -H "X-chkp-sid: ${SID}" \
-X POST -d '{"name": "test1", "ip-address": "10.10.10.10"}' https://mgmt_server/web_api/add-host
Output:
{
"uid" : "f0b7bdf9-ac56-46a3-8cf2-9687012afc89",
"name" : "test1",
"type" : "host",
"domain" : {
"uid" : "41e821a0-3720-11e3-aa6e-0800200c9fde",
"name" : "SMC User",
"domain-type" : "domain"
},
"ipv4-address" : "10.10.10.10",
"interfaces" : [ ],
"nat-settings" : {
"....
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
See: https://community.checkpoint.com/t5/API-CLI-Discussion-and-Samples/Enabling-web-api/m-p/32641#M2011
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
API access is already enabled. Otherwise I wouldn't be able to login in and get a session-id, would I?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I just checked the API status:
# api status
API Settings:
---------------------
Accessibility: Require all granted
Automatic Start: Enabled
Processes:
Name State PID More Information
-------------------------------------------------
API Started 23009
CPM Started 21940 Check Point Security Management Server is running and ready
FWM Started 22231
APACHE Started 5568
Port Details:
-------------------
JETTY Internal Port: 50276
APACHE Gaia Port: 443
--------------------------------------------
Overall API Status: Started
--------------------------------------------
API readiness test SUCCESSFUL. The server is up and ready to receive connections
----
The management-server part is set to "Anyhost" in the GUI.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
just tried it with the allow all ip addreses set. no difference:
{
"code" : "generic_err_invalid_syntax",
"message" : "Payload is not a valid JSON"
}
Is there a log somewhere, where I can see more details as to why it thinks the payload is not valid JSON?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Try putting putting your data in single quotes:
# curl -k -H "Content-Type: application/json" -H "X-chkp-sid: ${SID}" \
-X POST -d '{"name": "test1", "ip-address": "10.10.10.10"}' https://mgmt_server/web_api/add-host
Output:
{
"uid" : "f0b7bdf9-ac56-46a3-8cf2-9687012afc89",
"name" : "test1",
"type" : "host",
"domain" : {
"uid" : "41e821a0-3720-11e3-aa6e-0800200c9fde",
"name" : "SMC User",
"domain-type" : "domain"
},
"ipv4-address" : "10.10.10.10",
"interfaces" : [ ],
"nat-settings" : {
"....
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I just tried that, same result.
Then I tried using the jq tool to format the JSON for me and then pass it to awk, to make sure JSON was formatted correctly. Granted I told jq to format it on one line (using -c), but the same result comes up.
Then I went basic, I did a little script that just logs into mgmt-server and then generates what I believe is the correct command so I could manually enter the command one by one: I ended up with this command:
curl -k -H "Content-Type: application/json" -H "X-chkp-sid: gLlxu0y9oG541DCyQmOPc1hPX0UiA_1111111111111" -X POST -d '{"name":"test1","ip-address":"10.10.10.10"}' https://mgmt_server/web_api/add-host
As far as I can see, the JSON is formatted correctly, but I still get the usual error-message:
{
"code" : "generic_err_invalid_syntax",
"message" : "Payload is not a valid JSON"
}
I am starting to think there is something malfunctioning with the management-servers API, because I have no problems posting to REST-api's on other systems using JSON formatting, e.g. Netbox.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hmm.. seems this was the solution after all.
After trying back and forth, I tried the same command again, just for the h.. of it and it suddenly worked.
I'll see where this takes me, thanks,
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
btw, I found this article on how to quote single-quotes inside a script:
https://stackoverflow.com/questions/1250079/how-to-escape-single-quotes-within-single-quoted-strings
perhaps its useful for others.
