BigFix REST API login in browser

Hi, I’ m trying to authenticate to my bigfix server using REST API.
I’m using this URL:

https://xxxxxxxxxx:52311/api/login?

and, correctly, the browser asks me user and password.

But I’d like to login giving my user and password as parameters written after https://xxxxxxxxxx:52311/api/login?

How can I do this? Which is the correct syntax to do it?

Thanks!

Not sure about through a browser, but if you use curl or invoke-restmethod then you can pass your creds that way

Right, I don’t think there are any url-encoded parameters for authenticating. Your client needs to support HTTP AUTH (as in curl command line) or passed in via HTTP Headers.

REST API isn’t really intended for interactive use in a browser - it’s an API, not a user interface. Connecting with the browser is useful for diagnosing connection errors, but to use the API, you should…use an API. A script, command-line tool, etc.

https://developer.bigfix.com/rest-api/examples/get-sites.html has examples in both curl and Python. PowerShell is also a widely-used option.

1 Like

Are you running a web reports instance? As a very basic example, this PowerShell code should let you post a session relevance query to Web Reports and get results back. What I like about this approach over REST is it using the access level for Web Reports so is purely a read-only. I add a stopwatch just so I can see how long a query takes to run.

$name = read-host "Enter your user name"
$pwd = read-host "Enter your password" -AsSecureString
$request = 'names of bes computers'
$webservice = New-WebServiceProxy -uri https://your.web.reports.url/webreports?wsdl
$stopwatch =  [system.diagnostics.stopwatch]::StartNew()
$webservice.Timeout = 600000
$output = $webservice.GetRelevanceResult($request,$name,[System.Runtime.InteropServices.Marshal]::PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($pwd)))
write-host $($output.count) rows returned in $($stopwatch.Elapsed.Hours) hrs $($stopwatch.Elapsed.Minutes) mins and $($stopwatch.Elapsed.Seconds) seconds
$stopwatch.Stop()
write-host $output
3 Likes

Hi, thanks to everyone has answered. I’ve made some steps on…
Now I’m running a .bat file from an ASP page using

Set wshell=CreateObject(“WScript.Shell”)
wshell.Run Server.MapPath(".\SoftwarePortal\Batch\TaskList.bat")

In TaskList.bat I login to BigFix server using IEM.exe:
iem LOGIN -q --server=xxxxxxx --user=xxxxxx --password=xxxx --masthead ActionSite.afxm
then I get relevant task for my computer and I want to redirect output to %FileName%
iem GET query --relevance="(ids of it, names of it) of relevant fixlets whose (display name of site of it = “Software Portal”) of bes computer whose (name of it = “%COMPUTERNAME%”)" > %FileName%

If I run this .bat in a DOS window everything works fine: return code for login is 2 and return code for GET query is -1 , but when I run this .bat from the ASP file, it runs but I get

An unexpected error occurred : Windows Error 0x80070005: Access Denied.

I tried to substitute the iem command with another command as:
wmic qfe | find /i "KB4"
and it works.

It seems that from ASP you can’t run IEM.exe and that IIUSR cannot run this .exe

Could you help me in any way, please?

Thank you very much!!

Can’t speak from experience but thoughts based on my very limited exposure to IIS would be a) is there any access issues for executable in IIS as those could be a security concern is allowed by default, does IIS need the mime type for executable content need defining and does the IUSR account have permissions to the location of IEM.exe.

Thank you for your reply. In Mime Type I’ve already both .bat and .exe files and IIUSR have “complete control” permission to the directory where IEM.exe is. I can’t understand the reason…

I never got good with IIS, but I could hazard a guess.

I wonder if the redirect > %FileName% is the part that is lacking permission? From an IIS/ASP point of view, where does that file end up and does the process running the iem.exe command have access into the destination where the file is being written?

Suggest: take IEM.exe out of the picture and test this for access errors.
cmd.exe /C ping 1.1.1.1 > %FileName%