Need help using Nebula API requests in python

Go to solution Solved by Lee-Wei,

Hello everyone,

I am reaching out regarding help with trying to pull requests from the Malwarebytes Nebula API. 

Currently I have a Python script where I am just trying to retrieve quarantine data: https://api.malwarebytes.com/nebula/v1/docs#tag/Quarantine

When I run the script I keep getting an error: 


{'error': 'missing_header', 'error_description': 'Missing required header', 'error_code': 2}


Here is my code

import requests
import os
import json

malwarebytesclientid = "ITS_A_SECRET"
malwarebytesclientsecret = "ITS_A_SECRET"
malwarebytesaccountid = "ITS_A_SECRET"  

#malwarebytes requests
malheaders = {"accountid":malwarebytesaccountid, "authorization":"Bearer " + malwarebytesclientsecret}
mstatusresponse = requests.get(ninjaurl, headers=malheaders)
mstatus_json = mstatusresponse.json()

I have a clientid, a clientsecret, and the accountid, yet it's still saying I am missing a header. 

Does anyone have any suggestions to find the missing header required to pull a request?


Thank you for your time, 

31 minutes ago, Porthos said:

I would highly suggest that you open a support ticket with Business Support to work with them directly.

Submit Support Ticket

It can take a few days for a response as ticket volume is high at this time.

Thanks - I just made a support ticket. I will update this forum post if I get any good results that may be helpful for anyone else. 


Thanks again. 

  • 8 months later...
On 3/14/2021 at 4:57 AM, Lee-Wei said:

I pointed Jay to the online API doc where there is a Python code example to get the Token using clientid and clientsecret.

I am facing the same issue. Can you please point me to same doc? I am unable to find any reference for getting Malwarebytes API token using clientid and clientsecret.

  • Staff
2 minutes ago, pi3 said:

I am facing the same issue. Can you please point me to same doc? I am unable to find any reference for getting Malwarebytes API token using clientid and clientsecret.

Follow this link and then scroll down a little and you should see the Python code sample.

  • 5 months later...
  • Staff
from requests_oauthlib import OAuth2Session
from oauthlib.oauth2 import BackendApplicationClient

CLIENT_ID = "mwb-cloud-0da62f83045af10d3e294759dbd99999"
CLIENT_SECRET = "f3d17661ae36c60b733386ad1507bae493394fca2f13de20e7fc75d5f4399999"
CLIENT_ACCOUNT = "9aea7003-88e0-4744-bdbb-770fbfd99999"

def NEBULA_URL(path):
    return "{NEBULA_URL}{PATH}".format(NEBULA_URL="https://api.malwarebytes.com", PATH=path)

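def get_nebula_client(client_id, client_secret, account_id):
    client_scope = ["read", "write"]
    headers = {"accountid": account_id}

    client = BackendApplicationClient(client_id, scope=client_scope)
    nebula = OAuth2Session(client=client, scope=client_scope)
    # Send the account ID header on every request made through this session
    nebula.headers.update(headers)
    # Exchange the client ID/secret for an access token.
    # The /oauth2/token path is an assumption; it is not shown in this post.
    nebula.fetch_token(
        token_url=NEBULA_URL("/oauth2/token"),
        client_secret=client_secret, scope=" ".join(client_scope))
    return nebula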

resp = get_nebula_client(CLIENT_ID, CLIENT_SECRET, CLIENT_ACCOUNT).get(NEBULA_URL('/nebula/v1/account'))


The above works for me:

- I need to add the libraries referenced, i.e. "requests_oauthlib"
- I added the 3 params, Client ID, Client Secret, and Client Account. The easy place to find the Client Account is the URL when accessing the Nebula console
- The last endpoint call to /endpoints is INCORRECT, because it should have been a POST, not GET. So I changed it to /account as an example

  • Staff
8 minutes ago, zenput_aolvera said:

I think this is the issue:
When creating the API token on the Nebula console, you select the scope (read, write, execute or any mix), on the python code, the client_scope list needs to match the scope selected for the id/secret pair.
 At least seems to be the case :P

Fair enough. :)

The way it should work is that in the Python code, you can ask for less than you have, but not more.

So if the creds are created to have Read/Write/Execute, you can ask for less and it will work.

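The two-step flow this thread arrives at, as an added example that is not part of the original posts or Malwarebytes' own sample: the client secret is used only to request a token, API calls carry that token plus the accountid header, and requested scopes must be a subset of what the credential was created with. It uses only the standard library and builds the requests without sending them; the `/oauth2/token` path, HTTP Basic client authentication, and all function names are assumptions.

```python
import base64
import urllib.parse
import urllib.request

API_BASE = "https://api.malwarebytes.com"  # host used in the thread
TOKEN_PATH = "/oauth2/token"               # assumption: token endpoint path

def check_scopes(requested, granted):
    """Reject a request for any scope the id/secret pair was not created with."""
    extra = sorted(set(requested) - set(granted))
    if extra:
        raise ValueError("scopes not granted to this credential: " + ", ".join(extra))
    return " ".join(requested)

def build_token_request(client_id, client_secret, requested, granted):
    """Step 1: client-credentials grant. The secret is used here and nowhere else."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "scope": check_scopes(requested, granted),
    }).encode()
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return urllib.request.Request(
        API_BASE + TOKEN_PATH, data=body, method="POST",
        headers={"Authorization": "Basic " + basic,
                 "Content-Type": "application/x-www-form-urlencoded"})

def build_api_request(path, access_token, account_id):
    """Step 2: an API call carries the issued token and the accountid header."""
    return urllib.request.Request(
        API_BASE + path, method="GET",
        headers={"Authorization": "Bearer " + access_token, "accountid": account_id})

def audit_request(req, client_secret):
    """List problems with an API request before it is sent."""
    headers = {k.lower(): v for k, v in req.header_items()}
    problems = []
    if "accountid" not in headers:
        problems.append("missing accountid header")
    auth = headers.get("authorization", "")
    if not auth.startswith("Bearer "):
        problems.append("missing bearer token")
    elif auth[len("Bearer "):] == client_secret:
        problems.append("client secret sent as bearer token")
    return problems
```

Running `audit_request` on a request built the way the first post does it (secret placed directly after `Bearer `) flags the secret being sent where a token belongs.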
