Qualys API Integration with Python

Question

Having spent the past few days trying to get the Qualys API to work with python, I am usually running into errors such as 401 and errors of that sort, due to the fact that python code examples say they are unsupported.

Since Qualys API is written with curl, I used Curl.trillworks.com to convert curl to python.

The code I used was: (curl)

curl -u "USERNAME:PASSWD" -H "X-Requested-With: Curl" -X "POST" -d
"action=create&title=My+Dynamic+Search+List&global=1&published_dat
e_within_last_days=7&patch_available=1"
"https://qualysapi.qualys.com/api/2.0/fo/qid/search_list/dynamic/"

and converted it into python:

import requests

headers = {
    'X-Requested-With': 'Curl',
}

data = [
  ('published_date_within_last_days', '7'),
  ('patch_available', '1'),
]

response = requests.post('https://qualysapi.qualys.com/api/2.0/fo/qid/search_list/dynamic/', headers=headers, data=data, auth=('USRNAME', 'PASSWORD'))
print (response)

And got a 401 response. Any ideas or any more clarifications I should add? Thanks

UPDATE - 12/27/2020

Its been a while since I had this problem. Not sure what the issue was but for anyone else having the same issue, I would recommend plugging in the CURL statements into tools like Insomnia or Postman which convert these into any language. That would help you get more accurate conversions.

Answer 1

I assume username/password input is not valid.

Answer 2

There are two issues, your data is list while it should be json and second is you should use HTTPBasicAuth while making requests with username and password.

Below is the corrected code

import requests
from requests.auth import HTTPBasicAuth


headers = {
    'X-Requested-With': 'Curl',
}

data = {
  'published_date_within_last_days': '7',
  'patch_available': '1',
}

response = requests.post('https://qualysapi.qualys.com/api/2.0/fo/qid/search_list/dynamic/', headers=headers, data=data, auth=HTTPBasicAuth('USRNAME', 'PASSWORD'))
print (response)

Answer 3

As per the Qualys API v10.16, you can try Session Based Authentication by passing QualysSession cookies after performing login.

Post login request:

login_api = api_url+"/api/2.0/fo/session/"

myheaders = { 'X-Requested-With': 'python'}
myparams  = { "action" : "login", "username" : api_username,  "password" : api_password} 

r_login =  requests.post(login_api, headers=myheaders, params=myparams)

print(r_login.status_code)
print(r_login.cookies.get_dict())

After getting the login ok response you can pass the cookies as dict ins subsequent get or post:

mycookies =  r_login.cookies.get_dict()
r_new =  requests.post(another_url, headers=myheaders, params=myparams, cookies=mycookies)