skip to Main Content

I am currently developing a web application using .NET, and trying to request data from the VulDB vulnerability database via their API. In their documentation, they specify the process as follows (Source: https://vuldb.com/de/?kb.api):

To start an API query you have to do an HTTP POST request to the following resource:

https://vuldb.com/?api

[…]

Every request must include your personal API key. You may propose it as part of the POST data with the field apikey (you must enter the key without the brackets):

apikey=[your_personal_api_key]

I tried doing the POST by following the Microsoft tutorial here: https://learn.microsoft.com/en-us/dotnet/fundamentals/networking/http/httpclient#http-post

I followed the same tutorial earlier to create a GET request for another API, and it worked just fine.

Here is what I tried.

        public async Task<String> PostAsync()
        {
            using StringContent jsonContent = new(
                JsonSerializer.Serialize(new
                {
                    apikey="hereIsActuallyMyAPIKey",
                    recent=10
                }),
            Encoding.UTF8,
            "application/json");

            using HttpResponseMessage response = await _client.PostAsync("", jsonContent);

            var statusCode = response.EnsureSuccessStatusCode();
            return await response.Content.ReadAsStringAsync();
        }

Unfortunately, the response from the API says that the API key is missing.

{"response":
    {"version": "3.54",
     "format": "json",
     "status": "401",
     "lang": "en",
     "error": "API key missing",
     "querylimitmax": 0,
     [...]
}

Did I formulate my request false? I would love to get some pointers!

2

Answers


  1. Chosen as BEST ANSWER

    I managed to create a valid POST request by using the third party tool RestSharp (https://restsharp.dev/v107/#restsharp-v107). It allows the passing of parameters like this:

                var client = new RestClient("https://vuldb.com/de/?api");
                var request = new RestRequest("");
                request.AddHeader("X-VulDB-ApiKey", "APIKeyValue");
                request.AddParameter("recent", "10");
    
                var response = client.Post(request);
                return response.Content;
    

  2. Have you tried to pass the Api Key via the header ?

    On the documentation of VulDB API, I can read

    As an alternative it is possible to use it as a custom HTTP request header named X VulDB-ApiKey:

    X-VulDB-ApiKey: [your_personal_api_key]

    You can add your API key to the header with the code

    _client.DefaultRequestHeaders.Add("X-VulDB-ApiKey", "hereIsActuallyYourAPIKey");
    
    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search