Getting Not Acceptable response via module, not via Postman

[devinnasar]

Hello,

I'm trying to call .get methods with this setup but I'm getting the following for responses:

L157-DevinNasar:~ devinnasar$ python3
Python 3.7.4 (default, Jul  9 2019, 18:13:23)
[Clang 10.0.1 (clang-1001.0.46.4)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> from snipeit import Consumables
>>> server = 'https://snipe-it.mydomain.com'
>>> token = 'asdjkbasdfjkabnsdf'
>>> C = Consumables()
>>> C.get(server, token)
b'<head><title>Not Acceptable!</title></head><body><h1>Not Acceptable!</h1><p>An appropriate representation of the requested resource could not be found on this server. This error was generated by Mod_Security.</p></body></html>'

I've placed the exact same values into Postman to double check that the server is accepting requests from my API key, and I definitely am getting responses there.

Is there something missing here? I don't think it's a server issue, despite the mod_security setting, as it's letting me in in Postman but not via the module. Thanks!

[devinnasar]

Further research indicates that this is a 406 error. I'm wondering if it's because there don't seem to by any Accept headers in the request?

[jbloomer]

Never seen that with the API before but mod_security is an Apache module. Can you confirm that module is installed and enabled in your Apache configuration?

[devinnasar]

Yes I can - It's installed as part of the hosting that Snipe is installed on.

Here's a sample of python that works against the api, generated by postman and very similar to that on the Snipe API documentation:

import requests

url = "https://snipe-it.mydomain.com/api/v1/consumables"

querystring = {"order":"%27asc%27"}

headers = {
    'Authorization': "Bearer asdfbnjiasdnf9732q2qjndsfasp8yh4 2sun",
    'User-Agent': "PostmanRuntime/7.15.2",
    'Accept': "*/*",
    'Cache-Control': "no-cache",
    'Postman-Token': "c6597959-9c76-42a6-9cec-c967e788d8d2,83f8e9bc-ad21-45bc-bfc4-2aae00732471",
    'Host': "snipe-it.mydomain.com",
    'Cookie': "snipeit_session=asdhjf20in2",
    'Accept-Encoding': "gzip, deflate",
    'Connection': "keep-alive",
    'cache-control': "no-cache"
    }

response = requests.request("GET", url, headers=headers, params=querystring)

print(response.text)

This seems to work. What I'm a little confused by is that I started jamming headers from the working example into the class file and still no dice.

[devinnasar]

Eureka!

The header that the Snipe-IT API seems to want is the User-Agent header. I copied that one over and finally got the module to return data. Do you have a place where one would set the user agent?

[jbloomer]

It would be in consumables.py in the class you are calling. 

You could do a headers.append() to add it before the requests call is made

Out of curiosity, what version of snipeit are you running? They have released several versions since this library was developed so something may have changed

[devinnasar]

I'm running v4.6.3 - build 3866. My company is moving to the hosted version being run by Snipe-IT itself, so I'm trying to make backfill imports for their existing data.

hmm. I'm researching sessions in the requests module right now. I'm wondering if it's possible to use a higher level class to shove request headers and cookies into and then call these methods from there. Gotta noodle it.