You must authenticate to the Qualys VMDR Mobile using Qualys account credentials (user name and password) and get the JSON Web Token (JWT). Use the Qualys Authentication API to get the JWT.The client will first have to call the /auth API to fetch the token and then make actual API calls while passing the token in the headers as Bearer.
Example Authentication Curl Request:
API Request
The following table explains the various components of this request:
| qualys_base_url | It is the base URL for the Qualys API server where your account is located. The base URL for Qualys US Platform 1 is: https://gateway.qg1.apps.qualys.com |
| value1 and value2 | value1 is the username and value 2 is the password of the user account for which you want to fetch Certificate View data. |
| token | It must be true. |
| permissions | It must be true. |
| Content-Type | It must be application/x-www-form-urlencoded. |
The Authentication API returns a JSON Web Token (JWT) which you can use for authentication in VMDR Mobile.
Rate limit: Qgateway provides a facility of rate limiting based on the configurations done in QWeb BO. VMDR Mobile would ride on this already existing feature.
Curl is a multi-platform command-line tool used to transfer data using multiple protocols. This tool is supported on many systems, including Windows, Unix, Linux and Mac. In this document Curl is used in the examples to build Qualys API requests using the HTTP over SSL (https) protocol, which is required.
Want to learn more? Visit https://curl.haxx.se/
The following Curl options are used according to different situations:
|
Option |
Description |
|---|---|
|
-X “GET” |
The GET method is required for the VMDR Mobile API request. |
|
-H “Authorization: |
This option is used to provide a custom HTTP request header parameter Authorization: Bearer <token> For information about Qualys authentication API, see Authentication. |
The following sample shows a typical Curl request using the options mentioned and how they interact with each other.