
API REST FXOS chassis 9300 or 4100 Firepower

Hi,

I was reading the below documentation about API REST of chassis (FXOS):

https://developer.cisco.com/site/ssp/firepower/ 

But I haven't found more information (it is only mentioned at http://www.cisco.com/c/en/us/td/docs/security/firepower/fxos/fxos211/cli-config/b_CLI_ConfigGuide_FXOS_211/introduction_to_the_firepower_9300.html?bookSearch=true) about FXOS API REST.

I have two pairs of 4100 Firepower and two pairs of 9300 Firepower, and they are connected to FMC 4000. I was trying to configure both pairs from API FXOS but I couldn't authenticate to FXOS API. FMC REST API is working and I can make GET, POST, etc.

Any idea about more information about FXOS API?

My request via POSTMAN is:

POST https://<Firepower Chassis_chassis_fqdn>[:management_port]/api/login

with HTTP Headers

Content-type HTTP set to application/json

USERNAME = <name of the user>

PASSWORD = <url_encoded_password>

Output is:

ERROR 400 with Payload

{
"error-code": "551",
"error-description": "Authentication failed",
"error-nr": "unidentified-fail"
}

Thank you in advance.


neipatel
Cisco Employee

josemaria.perez,

Have you tried using basic authorization rather than directly adding the fields to the header? This will ensure that the encoding is done properly and should return a token back in the header for use in all subsequent requests. 

Hi neipatel:

Thanks for your help. For example, if I make a curl to FMC 4000 to request the token, basic auth works, but I have tried it for this case and I have the same output error. I have checked from Postman and CLI.

$ curl -k --user username:password https://<Firepower Chassis_chassis_fqdn>/api/login

Cache-Control: no-store, must-revalidate
Content-type: application/json

{"error-code": "552", "error-description": "Authorization required", "error-nr": "service-unavailable"}

Does anybody know whether this API is working? FMC API is OK.

Hello,

What FCM/FXOS version are you using?

I have tried now on FXOS 2.1.1.77 and it is working fine, here is syntax as an example that you can use:

$ curl -X POST -v -k -H "Authorization: Basic YWRtaW46VmtsYXV6b3YxMjM=" https://192.168.0.38/api/login --insecure -H "USERNAME=admin" -H "\
> Authorization:Basic YWRtaW46VmtsYXV6b3YxMjM=
> USERNAME:admin
> PASSWORD:Admin12345
> //Content-Type:application/x-www-form-urlencoded\
>
> "
* Trying 192.168.0.38...
* Connected to192.168.0.38 (192.168.0.38) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
* Server certificate: FPR4100
> POST /api/login HTTP/1.1
> Host:192.168.0.38
> User-Agent: curl/7.43.0
> Accept: */*
> Authorization: Basic YWRtaW46VmtsYXV6b3YxMjM=
> Authorization:Basic YWRtaW46VmtsYXV6b3YxMjM=
> USERNAME:admin
> PASSWORD:Admin12345
> //Content-Type:application/x-www-form-urlencoded
>
>
< HTTP/1.1 200 OK
< Date: Tue, 16 May 2017 20:22:41 GMT
< Server: Apache/2.4.16 (Unix) CiscoSSL/1.0.2j.6.0.269-fips
< Set-Cookie: SSA_C=2e85c9ea-9997-40d5-9f61-5805170417f9; Path=/; secure; Version=1
< Set-Cookie: SSA_T="1494966162/ea1cc996-7eff-4ba5-b95f-409fcfa34d5d"; httponly; Path=/; secure; Version=1
< Set-Cookie: SSA_U=admin; httponly; Path=/; secure; Version=1
< X-Frame-Options: SAMEORIGIN
< Cache-Control: no-cache, no-store
< Pragma: no-cache
< Transfer-Encoding: chunked
< Content-Type: application/json
<
{"token": "1494966162/ea1cc996-7eff-4ba5-b95f-409fcfa34d5d", "refreshPeriod": "600"}
* Connection #0 to host192.168.0.38 left intact

Enjoy,

Veronika

Hi Veronika,

Thank you very much for your help. The version of FXOS is 2.1.1.64 and FMC is 6.2.0. I have tried but it doesn't work for 4100 chassis. I will update firmware and FXOS next week and I will retry to connect to API.

All the best.

So what output do you see after using the adjusted command which I have shared? Still the same error 552 as before?

Full command to be used:

curl -X POST -v -k -H "Authorization: Basic YWRtaW46VmtsYXV6b3YxMjM=" https://192.168.0.38/api/login --insecure -H "USERNAME=admin" -H "\
> Authorization:Basic YWRtaW46VmtsYXV6b3YxMjM=
> USERNAME:admin
> PASSWORD:Admin12345
> //Content-Type:application/x-www-form-urlencoded\
>
> "

Just keep in mind to change IP address 192.168.0.38 to your IP address of Firepower Chassis Manager / FXOS manager along with proper credentials, rest of the command attributes you can keep as above.

Hi Veronika:

Now, it is working. I have the same output and I have the token :) . I think that my error was to encode my password wrong for the basic authentication.

It is working at 4100 and 9300 series.

Also, I have modified your POST request. I have deleted two headers, modified Content-Type to application/json (documentation from Cisco says: "All REST API clients must send an HTTP Accept Header that is set to application/json" from https://developer.cisco.com/site/ssp/firepower/) and the curl command should be:

curl -X POST -v -k https://yourFXOS_IP/api/login --insecure -H "\
Authorization:Basic YWRtaW46VmtsYXV6b3YxMjM=
USERNAME:admin
PASSWORD:admin12345
//Content-Type:application/json\
"

For me, it is working.

Thank you very much for your help.

You're welcome, you saved some time with upgrade that was not necessary. Glad that it works now.

By the way thanks for sharing Cisco recommendations and relevant doc.
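
The original poster attributed the login failure to a wrongly encoded password in the Basic Authorization header. The following is an added example (not from the thread or from Cisco; the usernames and passwords are constructed sample values) that builds the credential and checks two common ways the encoding goes wrong: a trailing newline from echo, and a percent-encoded password.

```shell
#!/bin/sh
# Added example: HTTP Basic credential encoding checks (RFC 7617).
# All usernames and passwords here are constructed sample values.

# Correct form: base64 over the exact bytes "user:password".
# printf '%s' emits no trailing newline; tr removes base64 line wrapping.
basic_cred() {
    printf '%s:%s' "$1" "$2" | base64 | tr -d '\n'
}

# Mistake 1: echo appends "\n", which becomes part of the password.
basic_cred_echo() {
    echo "$1:$2" | base64 | tr -d '\n'
}

# Hex dump helper so a trailing newline survives command substitution.
to_hex() {
    od -An -v -tx1 | tr -d ' \n'
}

# verify_cred B64 USER PASS: succeeds only if B64 decodes to exactly USER:PASS.
verify_cred() {
    want=$(printf '%s:%s' "$2" "$3" | to_hex)
    got=$(printf '%s' "$1" | base64 -d 2>/dev/null | to_hex)
    [ "$want" = "$got" ]
}

# Print OK or MISMATCH for one candidate credential.
report() {
    if verify_cred "$2" "$3" "$4"; then echo "$1: OK"; else echo "$1: MISMATCH"; fi
}

user='admin'; pass='P@ss w0rd'    # constructed sample credentials
report "printf"      "$(basic_cred "$user" "$pass")"         "$user" "$pass"
report "echo"        "$(basic_cred_echo "$user" "$pass")"    "$user" "$pass"
# Mistake 2: percent-encoding the password before base64.
report "url-encoded" "$(basic_cred "$user" 'P%40ss%20w0rd')" "$user" "$pass"
```

curl's --user option performs this encoding itself, which avoids hand-built Authorization headers.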
