InsightVM API call using Post Man - 400 Bad request

Hi All,

I am making Insight VM API call using post man and getting 400 bad request error as below. Could anyone please help here what I am missing.

Thanks & Regards
Ashish Rajguru

I sent a private message about your screenshots but check the Params tab. If you downloaded the swagger and used it then we probably have some example values in the Params tab that need to be disabled or change to real values.

Also if you’re using the InsightVM API v(3) the URL you are using needs to be the console and not the AWS resource. Also the authentication needs to be a username and password from the console and not a platform api-key.

Hi there,

Thank you for your reply. url i am using is -
isn’t this a valid url? Could you please help with correct url we should be using. our datastorage region is Australia. is the same url we used at the time of Insight IDR integration. but it’s not working in Insight VM case. also didn’t understand authentication part. could you please explain bit in detail.

Thanks in advance.
Ashish Rajguru

The InsightVM API isn’t against the cloud component like the InsightIDR API is. The InsightVM API is against the console.

The authentication uses a base64 encoded version of a local account in “username:password” fashion.

You can read up more about it here in the InsightVM API documentation

At the top of the page it talks about versioning and authentication.

Hi There,

Thank you for your reply.

Is there any cloud API against Insight VM component?
If we use this console component, do we need to publish this OpenAPI spec somewhere? could you please confirm below authentication for the authorization.

Authentication : Basic Authentication
UserName: ??
Password: base 64 encoded version of username:password


Please correct me if i am missing anything here.

There is a cloud API for InsightVM but it has limited functionality compared to the console API. The Cloud Integrations API for InsightVM can be found here:

For the InsightVM API v3 which you have shown, the API needs a base64 encoded version of username:password. Luckily for you since your using Postman, that encodes it for you. Use the method you have in this screenshot and for the Username use an actual username of a local account on your console. The password would be the actual password for that account. Postman will take it from there and encode it for you and add it as a header in the request.