Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

API Command-line Client DEPRECATED

 

Use the API command-line client to make API calls when logged in to the JSA host as the root user. The API command-line client is experimental and will stabilize over future JSA releases.

You can use the API command-line client to complete the following tasks:

  1. Print API endpoints. To print all endpoints and information that is required to make calls against the endpoints, use the following command:

    /opt/qradar/bin/api_client --print_api
  2. Make requests to API endpoints.

Basic API Calls

A basic API call is a GET request to an endpoint that requires no parameters, for example:

/opt/qradar/bin/api_client --api /help/capabilities --method GET

The following table provides the arguments that you can use for basic calls.

Table 1: Arguments for Basic Calls

Argument

Definition

--api /api_name/endpoint

The path to your API endpoint. This path appends to https://ConsoleIPaddress/. For example:

https://ConsoleIPaddress/api/ reference_data/sets/

--method METHOD

Determines whether your API request is a GET, POST, or DELETE method. View the output of --print_api for the required method.

Calls with Path Parameters

You can add path parameters to modify the endpoint that you want to call and correspond to a place in the endpoint portion in the URL. Use the Name parameter, for example:

/referencedata/sets/{name}

To call a specific reference set in the Reference Data endpoint, place the name of the reference set in the path to the endpoint that you want to specify. For example, to retrieve the exampleset reference set, use the following call:

/opt/qradar/bin/api_client --api /referencedata/sets/exampleset --method GET

Calls with Query Parameters

Enter Query parameters with the following syntax:

--params param_name=param_value

For example, to get a list of all endpoints that use httpMethod POST, you can call /help/capabilities. Supply the query parameters httpMethods and version. The httpMethods parameter requires a JSON object. You can create a JSON object inside double quotation marks by using single quotation marks, squares brackets, and commas. For example:

/opt/qradar/bin/api_client --api /help/capabilities --method GET --params httpMethods="['POST']" version="0.1"

To determine which parameters are query or body parameters, view the output of --print_api.

Calls with Body Parameters

Enter body parameters in the same way that you enter query parameters, for example, --param_name=param_value. You must specify the content type of the body that you are sending with the --content_type TYPE argument. For example, when you load bulk data with a content type of element type ALN to an existing reference set that is named exampleset, type:

/opt/qradar/bin/api_client --api /referencedata/sets/bulkLoad/exampleset --method POST --content_type="application/json" --params data="['value1','value2','value3']"
Note

You must specify the --content_type argument. If not specified, the body is sent as a query parameter, and the API call fails.

Calls to Other Consoles

You can use the REST API command-line client to make API calls to a different console from the client you are running. Use the --hostname HOSTNAME argument to determine to which host name or IP address you want to send calls. Use the following syntax:

/opt/qradar/bin/api_client --api /ariel/databases --method GET --hostnameIP address

Stored Tokens Authorization

  • Inputting and storing--You can generate an authorization token on the JSA Console that you want to call. You can then enter that authorization token into the API client to use with subsequent calls. If the authorization token is valid, the token is saved to disk in the ~/opt/qradar/bin/api_client/tokens folder with the following file name: hostname.token.

  • Overwriting tokens--To overwrite a token for a console, make an API call to the Console by using the --overwrite_token argument, and then input a new token. If the token is valid, it is saved to disk.

User Name and Password Authorization

Use the --pap argument for API client to use a password-authorized protocol to authorize your API call, and then enter a user name and password. If you do not use an authorized service token, the API client cannot save your user name and password information for use by subsequent API calls to the same host.

API Client Help

Use the ./api_client -h argument to view all options for the API client.