API not authorized

[Kaputt4]

Hi and congratulations for this great tool @qjerome !

My question may seem silly because I'm fairly new to APIs, and the solution is probably a little detail, but I've spent hours trying to solve it without luck.

The problem is that I'm getting "Not Authorized" in every request to the APIs using cURL and Postman.
I'm including the header X-Api-Key with the value of the key fields in the manager configuration file. I've tried with both admin-api.users key as well as endpoint-api.endpoints keys, without luck.

I've tried with the keys' values from the default configuration file provided by the manager, and from the configuration.md example, to exclude format errors from the problem research.

I've also tried to reach both admin and endpoints APIs, and also using HTTP and HTTPS, without luck at all.

I'd really appreciate if you could help me to solve this dumb problem so that I can try the manager and the tool. Thanks!!

[qjerome]

Hi @Kaputt4,

Thank you for your support and for giving a try to the tool.

One thing you should keep in mind is that endpoint API is there to provide connectivity between endpoints and the manager. It is not meant to be queried by the end-user. Only the Admin API is made to administer endpoints.

The next step is to figure out what version of the tool you are using. Can you please tell me if you are using the latest beta or the stable release ? There are numbers of changes in beta release which have not been documented yet.

The problem you are having seems to be linked to a wrong API key you are using.
If you are using beta release, you first need to create the an admin user before you can use the admin API (by default there is no user in the DB). To do that, you have to use the manager's binary with the "-user" switch and use the credentials you get in order to establish connection to the admin API.

[Kaputt4]

Hi @qjerome,

I was trying at first with v1.7.0 stable release, but didn't manage to get it. With latest beta, v1.8.0-beta.6, I've been able to create the user following the steps you said and establish connection successfully to the admin API. Thank you so much.

Is there any chance to achieve the connection with v1.7.0? How can I get the user key? Or do you recommend using the latest beta to build the testing lab?

[qjerome]

Hi @Kaputt4,

Sorry for this lack of consistency between the documentation and the code. I actually plan to update the documentation when the next stable release will be published. I am glad you managed to make it work.

I would recommend you to use the beta releases instead of the last stable as a lot of new features are there and some bugs got corrected as well. Additionally, if you are using the beta release you can benefit from a consistent Open API documentation to query admin API. You can for instance navigate to the appropriate release tag on the repo and load ./doc/admin.openapi.json into swagger.
For example: https://validator.swagger.io/?url=https://raw.githubusercontent.com/0xrawsec/whids/v1.8.0-beta.6/doc/admin.openapi.json