InsightVM Cloud API: "Access to this resource is not allowed"

I am attempting to get a list of assets using the InsightVM Cloud API. I have generated an API key and authenticated successfully. When I use the InsightVM web interface, I am able to retrieve the asset list; however, when I connect via the API, I receive an error 401: Access to this resource is not allowed. Are there additional permissions I need to have configured for my account in order to access the assets via API? (I receive the same error when attempting to retrieve vulnerabilities, as well.)

I am using this endpoint: https://us.api.insight.rapid7.com:443/vm/v4/integration/assets

There are a couple of different things to check, but the first thing may be that you are querying against us instead of us2 or us3, depending on where you’re hosted. Log into InsightVM and look at the URL bar and see what your URL says. (Or check the Platform account.)

Mine, for example, is hosted in us2.

If you’re also hosted in us2 or us3, just change the URL endpoint in your request.

Thanks, John.

Here’s the URL when I log into InsightVM:
Rapid7 Exposure Analytics…

We’re hosted in the US, but the region does not appear in the URL. I tried us, us2, and us3 - all with the same resulting 401 error.

(UPDATE - I just confirmed we’re in region United States - 1)

When you go to “My Account” on the platform home page does your account just say “United States - 1”?

Also, what are you using to build your request? Are you just using Python or something similar, or are you using an app like Postman?

Yes, sorry - I just confirmed it is United States - 1.

I am using Postman to build the request.

Also, I do receive results using the scan endpoint (https://us.api.insight.rapid7.com/vm/v4/integration/scan) - it returns the id, status, started, and finished values for scans.

Alright, so 401 is saying there’s something wrong with the Authentication. Double check your x-api-key in Postman. I would suggest setting it at the Collection level and not at the request level. Let each request in the collection Inherit from Parent.

API key is entered correctly. I set it at the Collection level and received the same result. I wouldn’t think it could be an issue with the key itself, since I do receive results when querying scans.

Success: https://us.api.insight.rapid7.com/vm/v4/integration/scan

401 Error: https://us.api.insight.rapid7.com/vm/v4/integration/assets
401 Error: https://us.api.insight.rapid7.com/vm/v4/integration/sites

500 Error: https://us.api.insight.rapid7.com/vm/v4/integration/vulnerabilities

Did you create it as a user key or as an org key?

It’s a user key. From what I understand, that key should inherit all the permissions of my user account, right?

That is correct. If you are a platform admin, I would try generating an org key, though, and using that in the request instead to see what results you get.

If the org key doesn’t work either, then it’s possible that something in Postman is wrong.

The org key works. Not sure why the user key doesn’t, but that’s a problem for another day. Thanks for your help on this.

Yeah, absolutely! I assume something funky was going on in Postman on how it was presenting the authentication or something.

Out of curiosity I even tried the same endpoint with both a User and Org API key and both requests worked. My User profile is full Admin though. If your profile is anything different that may have been the issue as well?
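
The checks worked through in this thread, as an added example that is not code from any of the posters or from Rapid7: it sends the same key to each endpoint quoted above and separates "key or region is wrong" from "key authenticates but is denied on some resources". The `INSIGHT_API_KEY` and `INSIGHT_REGION` variable names and the default GET method are assumptions.

```python
import os
import urllib.error
import urllib.request

# Resource names taken from the URLs quoted in the thread.
RESOURCES = ("scan", "assets", "sites", "vulnerabilities")


def probe(region, resource, api_key, method="GET", opener=urllib.request.urlopen):
    """Return the HTTP status one resource gives for this key and region.

    method defaults to GET as an assumption; the thread does not say which
    verb was used, so pass the one your API documentation specifies.
    """
    url = f"https://{region}.api.insight.rapid7.com/vm/v4/integration/{resource}"
    req = urllib.request.Request(url, method=method, headers={"X-Api-Key": api_key})
    try:
        with opener(req, timeout=15) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # urllib raises on 4xx/5xx; the code is what we want


def diagnose(statuses):
    """Classify a {resource: status} map for ONE key against ONE region."""
    ok = sorted(r for r, s in statuses.items() if 200 <= s < 300)
    denied = sorted(r for r, s in statuses.items() if s in (401, 403))
    if ok and denied:
        # Same key, same host, mixed results: header and region are fine,
        # so compare against another key (user vs. org) next.
        return "key-permissions", denied
    if denied:
        # Nothing succeeded: check the region host and the header first.
        return "key-or-region", denied
    if ok:
        return "ok", []
    return "inconclusive", []  # e.g. only 5xx responses


if __name__ == "__main__":
    key = os.environ["INSIGHT_API_KEY"]  # hypothetical variable name
    region = os.environ.get("INSIGHT_REGION", "us")  # hypothetical variable name
    results = {r: probe(region, r, key) for r in RESOURCES}
    for name, status in results.items():
        print(f"{status}  {name}")
    print(diagnose(results))
```

Reading the key from the environment keeps it out of shell history and saved request collections.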