I am trying to retrieve SCOM alerts using their REST API via curl. It keeps returning:
"errorMessage": "Index was outside the bounds of the array.",
"errorTrace": " at Microsoft.EnterpriseManagement.OMDataService.Filters.ValidateAntiForgeryTokenAttribute.OnActionExecuting(HttpActionContext actionContext)\r\n at System.Web.Http.Filters.ActionFilterAttribute.OnActionExecutingAsync(HttpActionContext actionContext, CancellationToken cancellationToken)\r\n...
First, I took my:
AuthenticationMode:<domain>\<username>:<password>
string and converted it to UTF8 and then used openssl to base64 encode that. I took that "token" and used it in my /OperationsManager/authenticate call like so:
curl --location --request POST 'https://myhostname/OperationsManager/authenticate' \
  --header 'Content-Type: application/json; charset=utf-8' \
  --data-raw '"<my_base64_encoded_token>"'
This returns me a "SCOMSessionId" and "SCOM-CSRF-TOKEN". I then take the "SCOM-CSRF-TOKEN" and make the following call to /OperationsManager/data/alert:
curl --location --request POST 'https://myhostname/OperationsManager/data/alert' \
  --header 'Content-Type: application/json; charset=utf-8' \
  --header 'SCOM-CSRF-TOKEN:<csrf_token_value_here>' \
  --data-raw '{
    "criteria":"(ResolutionState = '\''0'\'')",
    "displayColumns": [
      "severity","monitoringobjectdisplayname","name","age","repeatcount"
    ]
  }'
What could I be doing wrong? All the documentation I find is centered around PowerShell.
The SCOM-CSRF-TOKEN needs to be decoded. I know it doesn't tell you this anywhere in the docs.
Using a site such as https://www.urldecoder.org/ will work, or if you are looking to do it programmatically you can use something like URI.decode(<your_token_value>) in Ruby, for instance. There is also this answer for just doing it in Bash: "How to decode URL-encoded string in shell?"
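The decoding step from the answer above, done locally in POSIX shell so the token never leaves the machine. This is an added example, not part of the original posts: the function names `urldecode` and `csrf_header` and the sample token are constructed, and refusing control bytes and leaving a literal `+` untouched are choices made here because the value is placed in an HTTP header.

```shell
#!/bin/sh
# Added example: percent-decode a SCOM-CSRF-TOKEN before reuse as a header.
# Function names and the sample token are constructed for illustration.

# urldecode VALUE -> prints VALUE with %XX sequences decoded.
# Body runs in a subshell "( )" so its variables do not leak to the caller.
urldecode() (
    rest=$1 out=
    while [ -n "$rest" ]; do
        case $rest in
            %[0-9A-Fa-f][0-9A-Fa-f]*)
                hex=${rest#%}; hex=${hex%"${hex#??}"}   # keep the two hex digits
                code=$(printf '%d' "0x$hex")
                # The result goes into an HTTP header: refuse control bytes
                # (CR, LF, NUL, ...) rather than emit them.
                if [ "$code" -lt 32 ] || [ "$code" -eq 127 ]; then
                    exit 1
                fi
                out=$out$(printf '%b' "\\0$(printf '%o' "$code")")
                rest=${rest#???} ;;
            *)
                # Copy one character unchanged. A literal "+" stays "+":
                # form-style decoding would turn it into a space.
                out=$out${rest%"${rest#?}"}
                rest=${rest#?} ;;
        esac
    done
    printf '%s' "$out"
)

# csrf_header RAW_TOKEN -> prints the header line for the follow-up request.
csrf_header() {
    decoded=$(urldecode "$1") || return 1
    printf 'SCOM-CSRF-TOKEN:%s' "$decoded"
}

# Constructed sample value, not a real token.
sample='AbC%2Bdef%2F123+xyz%3D%3D'
csrf_header "$sample"; echo
# Use with the request from the question:
#   curl ... --header "$(csrf_header "$raw_token")" ...
```

Malformed sequences such as `%zz` are passed through unchanged, while a token that decodes to a control character makes both functions return a non-zero status.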