Refreshing Access Tokens

Refreshing Access Tokens

To generate the access token again with the refresh token in your API client, use the method POST and the following URL:

https://<tenant-name>.cyberresprod.com/osp/a/<tenant-name>/auth/oauth2/token

Your <tenant-name> is part of the URL. For example, extremelyfocused is the tenant name in the following URL: https://extremelyfocused.cyberresprod.com/osp/a/extremelyfocused/auth/oauth2/granttoken

Select and specify Header and Body information as follows, where:

Authorization

Authorization type as Basic and

Client_ID: Client_Secret as base64 encoded

Use the client ID and secret that you created while Setting Up Access to REST APIs.

Header

Content-Type as application/x-www-form-urlencoded

Accept as application/json

Authorization as Basic

Body

Set grant_type as refresh_token

Set refresh_token as generated in Step 1

curl --location --request POST 'https://aa.cyberresprod.com/osp/a/extremelyfocused/auth/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Accept: application/json' \
--header 'Authorization: Basic Q2xpZW50SWQ6Q2xpZW50U2VjcmV0' \
--data-urlencode 'grant_type=refresh_token' \
--data-urlencode 'refresh_token=IWmk3ugO-KI-XlM16EXSS0WJKBeN08pGh3o'

Using SOAR REST APIs

To use the ArcSight SOAR REST APIs, follow the steps below:

  1. Navigate to https://<OMT-machine-hostname>/soar-api/api/v1/rest-api-docs.
  2. Specify Client ID as Username and Client Secret as Password.
  3. Click Sign in.

  4. After creating the REST Client definitions, you can access REST API details UI at /soar-api/api/v1/openapi.yaml to familiarize yourself with the API. In the REST API Details UI, you can access create scope item, update case, create case with or without scope items, create case comment and create case comment attachment functionalities.

    The following is a sample curl request to create a SOAR case:

    Note: The Authorization request header contains the Base64-encoded username/client id and password/client secret, separated by a colon. When handling the request, the server decodes the login details and checks if the user can access the requested content.
    curl -k -v 'https://<OMT-machine-hostname>/soar-api/api/v1/case' \
-H 'authorization: Basic ODI5ODE4NjctODA1NC00M2YxLWE2MTQtNzgzNTUyMzg1NGUwOmY7Si9Tc1xCZlZFP0FCUS5bdEJ5cmQ3aUZjNy9eV04w' \
-H 'accept: application/json' \
-H 'content-type: application/json' \
--data-raw '{"external_id":"54","rulename":"Action failed","subject":"Example subject","description":"Example description","creation_time":1647441423000,"severity":"Urgent","scopeItems":[{"role":"RELATED","value":"example@example.com","category":"EMAIL_ADDRESS"}]}' \