I often utilise Postman to query the Open-AudIT API when developing.
...
Once that's done, it's time to request some data. Make a GET request to http://192.168.84.4/omk/open-audit/devices and you should get a JSON response containing a list of devices. You can see the start of the JSON in the screenshot below.
Update
What about changing the attribute of an item? Not too difficult. You'll need the ID of the device you want to change, along with the attribute name from the database and an access token.
Access tokens are generated with every request type. You will need a token when submitting a POST or PATCH request. Run another query (a GET is fine, even if no items are returned) and parse the JSON reponse for meta → access_token. Include this in your request body as below.
Attribute names are visible in the application by going to menu → Admin → Database → List Tables and clicking on the "system" table. Let's change the description for our device with ID 14.
You'll need to create a JSON object and assign it to the "data" item to do this. It's not too difficult. Your JSON object should look like below (formatted and indented for easy reading).
Code Block |
---|
{ "data": { "access_token": "bbc0c85653fdc4b83d108cba7641bfcbbc77586dfb8f32d08973770a90fe", "id": "14", "type": "devices", "attributes": { "description": "My New Description" } } } |
...
So now you have your payload, let's send it to Open-AudIT. Make a new PATCH request and use the URL http://192.168.84.4/omk/open-audit/devices/14. Supply the data attribute in the body → x-www-form-urlencoded section and hit Send. You should see the request as below.
Delete
Deleting an item is the even easier. Let's delete an Org. In this case, our Org with ID 2. Make a new DELETE request to http://192.168.84.4/omk/open-audit/orgs/2. That's it - easy
And if we want to read a specific entry, it's just a GET request. Let's get our default Org - ID 1. Just make a GET to http://192.168.84.4/omk/open-audit/orgs/1.
Execute
What about running a query? What's the HTTP verb used to EXECUTE something? There is none But we'll make do by supplying /execute after the ID. So to execute a query, make a GET request to http://192.168.84.4/omk/open-audit/queries/1/execute. To execute a discovery, task or baseline, use the same format - ID/execute.
Create
If we want to create a new item, use a http HTTP verb of POST^ POST and include an access token. An access token is generated with every request (except logon) and any of the last 20 (by default, settable in the configuration) will be accepted. You should always aim to use the last access token issued.
Code Block |
---|
{
"data": {
"access_token": "bbc0c85653fdc4b83d108cba7641bfcbbc77586dfb8f32d08973770a90fe",
"type": "orgs",
"attributes": {
"name": "My Org",
"parent_id": 1
}
}
} |
Output
Remember we always receive the result in JSON as that is in our request header. We could receive it as HTML is we want - just remove that header item. Maybe more useful is a CSV output. Remove the Accept header and change the URL for a GET to http://192.168.84.4/omk/open-audit/queries/1/execute?format=csv. Done - CSV output you can copy and paste into Excel.
It really is that simple. The only one to watch is the PATCH request, because you have to create your own JSON. Just about everything else is quite discoverable. Make sure you check the pages for Collections which detail the request formats. And don't forget The Open-AudIT API page as well.
That makes for a simple and easy way to test the Open-AudIT API.
For more examples, please our new page API Examples for Postman
Onwards and upwards.
Mark Unwin.