search

akamai / AkamaiOPEN-edgegrid-golang

This library implements an Authentication handler for the Akamai OPEN EdgeGrid Authentication scheme
Apache License 2.0
90 stars 69 forks source link

DXE-2672 400 Error - SIEM API #185

Open estelae opened 1 year ago

estelae commented 1 year ago

Describe the issue Using this library for the SIEM API (https://techdocs.akamai.com/siem-integration/reference/get-configid) returns a 400 error for missing parameters.

To Reproduce Steps to reproduce the behavior:

import (
   "github.com/akamai/AkamaiOPEN-edgegrid-golang/v5/pkg/edgegrid"
    ...
)

config := &edgegrid.Config{
   Host: host,
   ClientToken: clienttoken,
   ClientSecret: clientsecret,
   AccessToken: accesstoken,
}

path := "siem/v1/configs/12345?from=1488816784&to=1488816442&limit=1"
req, err := http.NewRequest("GET", fmt.Sprintf("https://%s/%s", host, path), nil)

if err != nil {
   fmt.Println(err)
}

config.SignRequest(req)

client := &http.Client{}
resp,err2 := client.Do(req)

if err2 != nil{
   fmt.Println(err2)
}

out, _ := io.ReadAll(resp.Body)
var unmarshal map[string]interface{}
json.Unmarshal(out, &unmarshal)
fmt.Printf("%+v",string(out))

Expected behavior An endpoint with a similar format https://host/prolexic-analytics/v2/time-series?destinations=ip&locations=agr&source=both works with this library using the above example, so it is unexpected for the SIEM endpoint not to work.

Actual behavior It outputs this error.

{
'type': 'https://problems.cloudsecurity.akamaiapis.net/siem/v1/missing-parameters',
'title': 'Missing mandatory parameter(s) or illegal parameter parameter(s) in the request',
'instance': 'https://{host}/siem/v1/configs/{configid}?from={from}',
'detail': 'Missing mandatory parameter(s) or illegal parameter parameter(s) in the request',
'method': 'GET'
...
}

Judging from the instance above, it appears that only the first query parameter is being recognized. If the & character is encoded to %26 in the signature generation then the instance variable changes to 'instance': 'https://{host}/siem/v1/configs/{configid}?from={from}&to={to}&limit={limit}', but gives a 401 error for the signature not matching. If the & character is encoded to %26 in the request and signature, then it returns a 400 error for missing parameters.

Please add a working example using this library for this endpoint (https://techdocs.akamai.com/siem-integration/reference/get-configid).

dstopka commented 1 year ago

Hi @estelae, I wanted to let you know that we're looking into both this and akamai/AkamaiOPEN-edgegrid-python#68, but it requires somewhat more investigation. I'll get back to you as soon as I have something to share.

Best regards, Darek

lkowalsk-akamai-com commented 1 month ago

Hi @estelae

SIEM api can only fetch data starting from 12 hours in the past. So, you may get 400 due to:

from & to needs to be within the past 12 hours from needs to be less than to

Looks like you are using some dummy values for the query params and mostporobalby this is the issue here.

Please let us know if this clarification helps.