Need help using Nebula API requests in python

[AlloySystems]

Hello everyone,

I am reaching out regarding help with trying to pull requests from the Malwarebytes Nebula API. 

Currently I have a python scrip where I am just trying to retrieve quarantine data: https://api.malwarebytes.com/nebula/v1/docs#tag/Quarantine

When I run the script I keep getting an error: 

 

{'error': 'missing_header', 'error_description': 'Missing required header', 'error_code': 2}

 

Here is my code

import requests
import os
import json

malwarebytesclientid = "ITS_A_SECRET"
malwarebytesclientsecret = "ITS_A_SECRET"
malwarebytesaccountid = "ITS_A_SECRET"  

#malwarebytes requests
malheaders = {"accountid":malwarebytesaccountid, "authorization":"Bearer " + malwarebytesclientsecret}
mstatusresponse = requests.get(ninjaurl, headers=malheaders)
mstatus_json = mstatusresponse.json()
print(mstatus_json)

I have a clientid, a clientsecret, and the accountid but yet its still saying I am missing a header. 

Does anyone have any suggestions to find the missing header required to pull a request?

 

Thank you for your time, 

[Porthos]

I would highly suggest that you open a support ticket with Business Support to work with them directly.

Submit Support Ticket

It can take a few days for a response as ticket volume is high at this time.

Edited March 13, 2021 by Porthos

[AlloySystems]

31 minutes ago, Porthos said:

I would highly suggest that you open a support ticket with Business Support to work with them directly.

Submit Support Ticket

It can take a few days for a response as ticket volume is high at this time.

Thanks - I just made a support ticket. I will update this forum post if I get any good results that maybe helpful for anyone else. 

 

Thanks again. 

[Lee-Wei]

I pointed Jay to the online API doc where there is a Python code example to get the Token using clientid and clientsecret.

[pi3]

On 3/14/2021 at 4:57 AM, Lee-Wei said:

I pointed Jay to the online API doc where there is a Python code example to get the Token using clientid and clientsecret.

I am facing the same issue. Can you please point me to same doc? I am unable to find any reference for getting Malwarebytes API token using clientid and clientsecret.

[Lee-Wei]

2 minutes ago, pi3 said:

I am facing the same issue. Can you please point me to same doc? I am unable to find any reference for getting Malwarebytes API token using clientid and clientsecret.

Follow this link and then scroll down a little and you should see the Python code sample.

https://api.malwarebytes.com/nebula/v1/docs#operation/api.oauth2.token

 

[zenput_aolvera]

Hello folks!

I am unsure what's missing from the example in the API documentation. I keep getting a "bad request" message. Has anyone been successful running the example?

[Porthos]

1 hour ago, zenput_aolvera said:

Has anyone been successful running the example?

I would highly suggest that you open a support ticket with Business Support to work with them directly.

Submit  Business Support Ticket  

It can take a few days for a response as ticket volume is high at this time.

[Lee-Wei]

from requests_oauthlib import OAuth2Session
from oauthlib.oauth2 import BackendApplicationClient

CLIENT_ID = "mwb-cloud-0da62f83045af10d3e294759dbd99999"
CLIENT_SECRET = "f3d17661ae36c60b733386ad1507bae493394fca2f13de20e7fc75d5f4399999"
CLIENT_ACCOUNT = "9aea7003-88e0-4744-bdbb-770fbfd99999"

def NEBULA_URL(path):
    return "{NEBULA_URL}{PATH}".format(NEBULA_URL="https://api.malwarebytes.com", PATH=path)

def get_nebula_client(client_id, client_secret, account_id):
    client_scope = ["read", "write"]
    headers = {"accountid": account_id}

    client = BackendApplicationClient(client_id, scope=client_scope)
    nebula = OAuth2Session(client=client, scope=client_scope)
    nebula.headers.update(headers)
    token = nebula.fetch_token(
        token_url=NEBULA_URL('/oauth2/token'),
        client_secret=client_secret, scope=" ".join(client_scope))
    return nebula

resp = get_nebula_client(CLIENT_ID, CLIENT_SECRET, CLIENT_ACCOUNT).get(NEBULA_URL('/nebula/v1/account'))

print(resp.json())

The above works for me:

- I need to add the libraries referenced, i.e. "requests_oauthlib"
- I added the 3 params, Client ID, Client Secret, and Client Account. The easy place to find the Client Account is the URL when accessing the Nebula console
- The last endpoint call to /endpoints is INCORRECT, because it should have been a POST, not GET. So I changed it to /account as an example

[zenput_aolvera]

Python version? I am using python 3.8 (I've checked the libraries, they are installed)

 

[zenput_aolvera]

I think this is the issue:
When creating the API token on the Nebula console, you select the scope (read, write, execute or any mix), on the python code, the client_scope list needs to match the scope selected for the id/secret pair.
 At least seems to be the case :P

[Lee-Wei]

8 minutes ago, zenput_aolvera said:

I think this is the issue:
When creating the API token on the Nebula console, you select the scope (read, write, execute or any mix), on the python code, the client_scope list needs to match the scope selected for the id/secret pair.
 At least seems to be the case :P

Fair enough. :)

The way it should work is that in the Python code, you can ask for less than you have, but not more.

So if the creds are created to have Read/Write/Execute, you can ask for less and it will work.

[Lee-Wei]

19 minutes ago, zenput_aolvera said:

Python version? I am using python 3.8 (I've checked the libraries, they are installed)

 

Not that it makes a difference at this point, for for reference I was using Python 3.10 on my macOS.