AlloySystems Posted March 13, 2021 ID:1444518 Share Posted March 13, 2021 Hello everyone, I am reaching out regarding help with trying to pull requests from the Malwarebytes Nebula API. Currently I have a python scrip where I am just trying to retrieve quarantine data: https://api.malwarebytes.com/nebula/v1/docs#tag/Quarantine When I run the script I keep getting an error: {'error': 'missing_header', 'error_description': 'Missing required header', 'error_code': 2} Here is my code import requests import os import json malwarebytesclientid = "ITS_A_SECRET" malwarebytesclientsecret = "ITS_A_SECRET" malwarebytesaccountid = "ITS_A_SECRET" #malwarebytes requests malheaders = {"accountid":malwarebytesaccountid, "authorization":"Bearer " + malwarebytesclientsecret} mstatusresponse = requests.get(ninjaurl, headers=malheaders) mstatus_json = mstatusresponse.json() print(mstatus_json) I have a clientid, a clientsecret, and the accountid but yet its still saying I am missing a header. Does anyone have any suggestions to find the missing header required to pull a request? Thank you for your time, Link to post Share on other sites More sharing options...
Porthos Posted March 13, 2021 ID:1444551 Share Posted March 13, 2021 (edited) I would highly suggest that you open a support ticket with Business Support to work with them directly. Submit Support Ticket It can take a few days for a response as ticket volume is high at this time. Edited March 13, 2021 by Porthos Link to post Share on other sites More sharing options...
AlloySystems Posted March 13, 2021 Author ID:1444555 Share Posted March 13, 2021 31 minutes ago, Porthos said: I would highly suggest that you open a support ticket with Business Support to work with them directly. Submit Support Ticket It can take a few days for a response as ticket volume is high at this time. Thanks - I just made a support ticket. I will update this forum post if I get any good results that maybe helpful for anyone else. Thanks again. 1 Link to post Share on other sites More sharing options...
Staff Solution Lee-Wei Posted March 13, 2021 Staff Solution ID:1444571 Share Posted March 13, 2021 I pointed Jay to the online API doc where there is a Python code example to get the Token using clientid and clientsecret. 1 1 Link to post Share on other sites More sharing options...
pi3 Posted December 9, 2021 ID:1492218 Share Posted December 9, 2021 On 3/14/2021 at 4:57 AM, Lee-Wei said: I pointed Jay to the online API doc where there is a Python code example to get the Token using clientid and clientsecret. I am facing the same issue. Can you please point me to same doc? I am unable to find any reference for getting Malwarebytes API token using clientid and clientsecret. Link to post Share on other sites More sharing options...
Staff Lee-Wei Posted December 9, 2021 Staff ID:1492219 Share Posted December 9, 2021 2 minutes ago, pi3 said: I am facing the same issue. Can you please point me to same doc? I am unable to find any reference for getting Malwarebytes API token using clientid and clientsecret. Follow this link and then scroll down a little and you should see the Python code sample. https://api.malwarebytes.com/nebula/v1/docs#operation/api.oauth2.token 1 Link to post Share on other sites More sharing options...
zenput_aolvera Posted June 2, 2022 ID:1518405 Share Posted June 2, 2022 Hello folks! I am unsure what's missing from the example in the API documentation. I keep getting a "bad request" message. Has anyone been successful running the example? Link to post Share on other sites More sharing options...
Porthos Posted June 2, 2022 ID:1518417 Share Posted June 2, 2022 1 hour ago, zenput_aolvera said: Has anyone been successful running the example? I would highly suggest that you open a support ticket with Business Support to work with them directly. Submit Business Support Ticket It can take a few days for a response as ticket volume is high at this time. Link to post Share on other sites More sharing options...
Staff Lee-Wei Posted June 2, 2022 Staff ID:1518425 Share Posted June 2, 2022 from requests_oauthlib import OAuth2Session from oauthlib.oauth2 import BackendApplicationClient CLIENT_ID = "mwb-cloud-0da62f83045af10d3e294759dbd99999" CLIENT_SECRET = "f3d17661ae36c60b733386ad1507bae493394fca2f13de20e7fc75d5f4399999" CLIENT_ACCOUNT = "9aea7003-88e0-4744-bdbb-770fbfd99999" def NEBULA_URL(path): return "{NEBULA_URL}{PATH}".format(NEBULA_URL="https://api.malwarebytes.com", PATH=path) def get_nebula_client(client_id, client_secret, account_id): client_scope = ["read", "write"] headers = {"accountid": account_id} client = BackendApplicationClient(client_id, scope=client_scope) nebula = OAuth2Session(client=client, scope=client_scope) nebula.headers.update(headers) token = nebula.fetch_token( token_url=NEBULA_URL('/oauth2/token'), client_secret=client_secret, scope=" ".join(client_scope)) return nebula resp = get_nebula_client(CLIENT_ID, CLIENT_SECRET, CLIENT_ACCOUNT).get(NEBULA_URL('/nebula/v1/account')) print(resp.json()) The above works for me: - I need to add the libraries referenced, i.e. "requests_oauthlib" - I added the 3 params, Client ID, Client Secret, and Client Account. The easy place to find the Client Account is the URL when accessing the Nebula console - The last endpoint call to /endpoints is INCORRECT, because it should have been a POST, not GET. So I changed it to /account as an example Link to post Share on other sites More sharing options...
zenput_aolvera Posted June 2, 2022 ID:1518455 Share Posted June 2, 2022 Python version? I am using python 3.8 (I've checked the libraries, they are installed) Link to post Share on other sites More sharing options...
zenput_aolvera Posted June 2, 2022 ID:1518456 Share Posted June 2, 2022 I think this is the issue: When creating the API token on the Nebula console, you select the scope (read, write, execute or any mix), on the python code, the client_scope list needs to match the scope selected for the id/secret pair. At least seems to be the case :P Link to post Share on other sites More sharing options...
Staff Lee-Wei Posted June 2, 2022 Staff ID:1518457 Share Posted June 2, 2022 8 minutes ago, zenput_aolvera said: I think this is the issue: When creating the API token on the Nebula console, you select the scope (read, write, execute or any mix), on the python code, the client_scope list needs to match the scope selected for the id/secret pair. At least seems to be the case :P Fair enough. :) The way it should work is that in the Python code, you can ask for less than you have, but not more. So if the creds are created to have Read/Write/Execute, you can ask for less and it will work. Link to post Share on other sites More sharing options...
Staff Lee-Wei Posted June 2, 2022 Staff ID:1518458 Share Posted June 2, 2022 19 minutes ago, zenput_aolvera said: Python version? I am using python 3.8 (I've checked the libraries, they are installed) Not that it makes a difference at this point, for for reference I was using Python 3.10 on my macOS. Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now