Good afternoon,

I'm working on an integration between my SEP Manager and another security product via the web api and there are two values I needare the Access Token and the Refresh TOken.  

I have created the Web Application in the API and also authorized the API following the documentation.  I'm given a key value back that according to the documentation I should pass to this page: https:// : /sepm/oauth/token?grant_type=authorization_c ode&client_id= &client_secret= &redirect_uri=ht tp://localhost/&code= Where my access code is at the end.  When I pass my value for access code in the portion "http://localhost/&code=XXXXX" I get "This XML file does not appear to have any style information associated with it. The document tree is shown below." Returned in the web browser.  According to the documentation provided I should get a JSON string w/ the two values I need.

What am I missing?

PS LOL for copy and and paste formating problems here

Bumping this up, anyone know about what I'm doing wrong?

Bumping this up, anyone know about what I'm doing wrong?

Hi,

I am about to get started with SEP API as well. However i do not even come that fare that I receive and access token. When I try the powershall sample I get "the variable '$auth_token_key' cannot be retrieved.

I have configured the config.xml and I am prompted for the login and the page which says authorize. But then I get the error above. Any hints?

I have also tried using postman. And not got further there either.

When you call the url https:// : /sepm/oauth/token?grant_type=authorization_c ode&client_id= &client_secret= &redirect_uri=ht tp://localhost/&code do you only supply the client id and secret or do you have the windows user / password as basic authentication as well?

Thanks.

Stefan

Has anyone found a solution to this problem of getting an access token?

I have a ClientID and ClientSecret and when I call the URL to get an access token I get challenged for authorization and then get presented with an Authorize button, but when I click the button I do not receive an access token.

I got this to work at last. I am on SEP 14 MP1. So I do not know if this works for other versions. The PDF attached (REST_API_Ref_SEP14.pdf) helped me.

1. Authenticate to Symantec Endpoint Protection Manager

- Post to https://sepserver:8446/sepm/api/v1/identity/authenticate

- Body

 {
"username" : "admin",
"password" : "password",
"domain" : ""
}

For me that worked only with the "Sysadmin" admin konto.

The result should look like this:

{
"domain": "Default",
"refreshToken": "cab16df1-58a2-4b8a-ad70-7b023db34025",
"refreshTokenExpiration": 43199,
"role": {
"bitMask": 8,
"title": "sysadmin"
},
"adminId": "AF3C39A10A320801000000DBF200C60A",
"clientId": "4767c33a-99be-4ef9-b41f-e8db00da10ee",
"clientSecret": "b65a52eb-c153-43f5-b9bd-6d2f0b43394f",
"bannerTitle": "",
"bannerText": "",
"username": "admin",
"fullname": null,
"token": "c34692c5-201d-4d94-b0f8-61ed03383337",
"tokenExpiration": 43199,
"permissionSet": {
"reportingRights": true,
"groupRights": true,
"siteRights": true,
"remoteCommandRights": true,
"policyRights": true
},

2. Send a query to get groups (just an example):

- Send get https://sepserver:8446/sepm/api/v1/groups

Authorization: Bearer c34692c5-201d-4d94-b0f8-61ed03383337

--> Here you have to use the token you received earlier.

And that should give you result like this:

{
"content": [
{
"id": "EF9C029A0A931BA7246C99C00F39133C",
"name": "Default Group",
"description": "",
"fullPathName": "My Company\\Default Group",
"numberOfPhysicalComputers": 1,
"numberOfRegisteredUsers": 1,
"createdBy": "AF3C39A10A320801000000DBF200C60A",
"created": 1477983046292,
"lastModified": 1477983046292,
"policySerialNumber": "EF9C-11/08/2016 12:21:22 652",
"policyDate": 1478607682652,
"customIpsNumber": "",
"childGroups": null,
"domain": {
"id": "FC1716470A931BA765167FEC6FDA9A5C",
"name": "Default"
},
"policyInheritanceEnabled": false
},
{
"id": "4541012E0A931BA7085259C3220013FB",
"name": "My Company",
"description": "",
"fullPathName": "My Company",
"numberOfPhysicalComputers": 0,
"numberOfRegisteredUsers": 0,
"createdBy": "AF3C39A10A320801000000DBF200C60A",
"created": 1477983046292,
"lastModified": 1477983046292,
"policySerialNumber": "4541-11/08/2016 12:21:22 652",
"policyDate": 1478607682652,
"customIpsNumber": "",
"childGroups": null,
"domain": {
"id": "FC1716470A931BA765167FEC6FDA9A5C",
"name": "Default"
},
"policyInheritanceEnabled": false

}
],
"size": 25,
"number": 0,
"totalPages": 1,
"lastPage": true,
"firstPage": true,
"sort": [
{
"direction": "ASC",
"property": "NAME",
"ascending": true
}
],
"totalElements": 2,
"numberOfElements": 2
}

So in fact I did not need ClientID or ClientSecret. However there might be other ways for the same result. So far it seems there is not much you can do with the REST API and also the documentation is not really clear.

Attachment(s)

REST_API_Ref_SEP14.pdf   232 KB 1 version

Many thanks for the examples above. I have now managed to get a token and I've also figured out how to refresh the token.

However every attempt to get data from the SEP Manager returns a login screen.

As a sanity check, please can you confirm that https://<sepmserverIP>:<port>/sepm/api/v1/version should work.

Many thanks,

Nick

Has anyone else managed to get stats on client updates (ie are all the client using the latest signatures) and threats detected using the API?

Hi all,

Just found the following link:

Endpoint Protection 14 REST API and PowerShell

https://support.symantec.com/en_US/article.HOWTO125873.html

The article contains some PoweverShell examples.

Stefan

This works, however, it seems I have to re-authenticate every few minutes. Not really sure this makes sense but what is everyone else seeing?