Hi
I am trying to automate deployment of a new VSX firewall and I am having trouble getting the Check Point management server to accept my input. The firewall management is version 80.20 and I have no trouble logging in and getting the session-id. I have made it so that awk reads a file (default-host-objects.csv) containing object-names,ip-address and then executes a cURL command:
My test-script looks like this:
cp_api_url="https://mgmt-station.net/web_api"
SID=`curl -s -k -H "Content-Type: application/json" -H "Accept: bla" -X POST "$cp_api_url/login" -d "{\"user\":\"admin-user\",\"password\":"\"admin-password"",\"domain\":\"test-domain\"}" | awk -F\" '/sid/ {print $4}'`
awk -F, -v aSID="$SID" -v cpurl="$cp_api_url" '{ system("curl -k -H \"Content-Type: application/json\" -H \"X-chkp-sid: "aSID"\" -X POST -d \"{ \"name\": \""$1"\", \"ip-address\": \""$2"\" }\" "cpurl"/add-host") }' default-host-objects.csv
The result I get is this:
{
"code" : "generic_err_invalid_syntax",
"message" : "Payload is not a valid JSON"
}
---
I also tried manually to create the objects by these commands:
curl -k -H Content-Type: application/json -H X-chkp-sid: <insert sid> -X POST -d { name: testserver1, ip-address: 1.2.3.4 } https://mgmt-station.net/web_api/add-host
or
curl -k -H "Content-Type: application/json" -H "<insert sid>" -X POST -d "{ "name": "testserver1", "ip-address": "1.2.3.4" }" https://mgmt-station.net/web_api/add-host
Both with the same result:
{
"code" : "generic_err_invalid_syntax",
"message" : "Payload is not a valid JSON"
}
What am I doing wrong?
API access is already enabled. Otherwise I wouldn't be able to log in and get a session-id, would I?
I just checked the API status:
# api status
API Settings:
---------------------
Accessibility: Require all granted
Automatic Start: Enabled
Processes:
Name State PID More Information
-------------------------------------------------
API Started 23009
CPM Started 21940 Check Point Security Management Server is running and ready
FWM Started 22231
APACHE Started 5568
Port Details:
-------------------
JETTY Internal Port: 50276
APACHE Gaia Port: 443
--------------------------------------------
Overall API Status: Started
--------------------------------------------
API readiness test SUCCESSFUL. The server is up and ready to receive connections
----
The management-server part is set to "Anyhost" in the GUI.
Just tried it with the allow all IP addresses set. No difference:
{
"code" : "generic_err_invalid_syntax",
"message" : "Payload is not a valid JSON"
}
Is there a log somewhere, where I can see more details as to why it thinks the payload is not valid JSON?
Try putting your data in single quotes:
# curl -k -H "Content-Type: application/json" -H "X-chkp-sid: ${SID}" \
-X POST -d '{"name": "test1", "ip-address": "10.10.10.10"}' https://mgmt_server/web_api/add-host
Output:
{
"uid" : "f0b7bdf9-ac56-46a3-8cf2-9687012afc89",
"name" : "test1",
"type" : "host",
"domain" : {
"uid" : "41e821a0-3720-11e3-aa6e-0800200c9fde",
"name" : "SMC User",
"domain-type" : "domain"
},
"ipv4-address" : "10.10.10.10",
"interfaces" : [ ],
"nat-settings" : {
"....
I just tried that, same result.
Then I tried using the jq tool to format the JSON for me and then pass it to awk, to make sure JSON was formatted correctly. Granted I told jq to format it on one line (using -c), but the same result comes up.
Then I went basic, I did a little script that just logs into mgmt-server and then generates what I believe is the correct command so I could manually enter the command one by one: I ended up with this command:
curl -k -H "Content-Type: application/json" -H "X-chkp-sid: gLlxu0y9oG541DCyQmOPc1hPX0UiA_1111111111111" -X POST -d '{"name":"test1","ip-address":"10.10.10.10"}' https://mgmt_server/web_api/add-host
As far as I can see, the JSON is formatted correctly, but I still get the usual error-message:
{
"code" : "generic_err_invalid_syntax",
"message" : "Payload is not a valid JSON"
}
I am starting to think there is something malfunctioning with the management server's API, because I have no problems posting to REST APIs on other systems using JSON formatting, e.g. Netbox.
hmm.. seems this was the solution after all.
After trying back and forth, I tried the same command again, just for the h.. of it and it suddenly worked.
I'll see where this takes me, thanks,
btw, I found this article on how to quote single-quotes inside a script:
https://stackoverflow.com/questions/1250079/how-to-escape-single-quotes-within-single-quoted-strings
perhaps it's useful for others.
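
An added example (not from the thread and not Check Point code): one way to avoid the nested awk/shell/JSON quoting of the original script is to build each add-host body in a shell function and pass it to curl on stdin. The function names and sample rows are assumptions made for illustration; the endpoint, header and field names are the ones used in the thread.

```shell
#!/bin/sh
# Added example: build add-host bodies from "name,ip" CSV rows with one quoting layer.

# Escape a value for a JSON string: drop control characters, then escape \ and ".
json_escape() {
    printf '%s' "$1" | tr -d '\000-\037' | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Request body for one host object (field names as used in the thread).
host_payload() {
    printf '{"name":"%s","ip-address":"%s"}' "$(json_escape "$1")" "$(json_escape "$2")"
}

# Read CSV on stdin, write one JSON body per line. Strips CR from files saved
# on Windows, skips blank lines, ignores any columns after the second.
payloads_from_csv() {
    tr -d '\r' | while IFS=, read -r name ip rest || [ -n "$name" ]; do
        [ -z "$name" ] && continue
        host_payload "$name" "$ip"
        printf '\n'
    done
}

# usage: post_hosts <api_url> <sid> < default-host-objects.csv
# The body reaches curl on stdin (--data @-), so it is never re-parsed by a shell.
# -k from the thread is left out: assumes the server certificate is trusted.
post_hosts() (
    payloads_from_csv | while IFS= read -r body; do
        printf '%s' "$body" | curl -s -H "Content-Type: application/json" \
            -H "X-chkp-sid: $2" -X POST --data @- "$1/add-host"
    done
)

# Constructed sample rows; prints the request bodies only, no network access.
printf '%s\n' 'testserver1,1.2.3.4' 'lab "edge" fw,10.10.10.10' | payloads_from_csv
```

Running `payloads_from_csv < default-host-objects.csv` first shows exactly what would be sent, which makes a "Payload is not a valid JSON" response easier to trace back to a specific row.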