AnsweredAssumed Answered

API HTTP redirect with POST requests

Question asked by Luigi Pardey on Sep 20, 2017
Latest reply on Sep 28, 2017 by Busby

Hi Qualys Support,

 

Using the API v2 I've noticed that when requests are mistyped and there is no trailing slash at the end of the path (e.g. /api/2.0/fo/scan instead of /api/2.0/fo/scan/) returns a HTTP 301 status code. This is fine only if the API supports the HTTP GET method as well. However if the API only supports POST (e.g. /api/2.0/fo/asset/ip/?action=add) then the HTTP 301 will make the client follow the redirect with a GET request, breaking functionality.

 

I suggest the API is changed such that any redirects are done using HTTP 307 instead, which is an error code that specifies the request method for the redirect must be the same as the first request.

 

Kind regards,

Luigi

Outcomes