I am currently developing a web application using .NET, and trying to request data from the VulDB vulnerability database via their API. In their documentation, they specify the process as follows (Source: https://vuldb.com/de/?kb.api):
To start an API query you have to do an HTTP POST request to the following resource:
[…]Every request must include your personal API key. You may propose it as part of the POST data with the field apikey (you must enter the key without the brackets):
apikey=[your_personal_api_key]
I tried doing the POST by following the Microsoft tutorial here: https://learn.microsoft.com/en-us/dotnet/fundamentals/networking/http/httpclient#http-post
I followed the same tutorial earlier to create a GET request for another API, and it worked just fine.
Here is what I tried.
public async Task<String> PostAsync()
{
using StringContent jsonContent = new(
JsonSerializer.Serialize(new
{
apikey="hereIsActuallyMyAPIKey",
recent=10
}),
Encoding.UTF8,
"application/json");
using HttpResponseMessage response = await _client.PostAsync("", jsonContent);
var statusCode = response.EnsureSuccessStatusCode();
return await response.Content.ReadAsStringAsync();
}
Unfortunately, the response from the API says that the API key is missing.
{"response":
{"version": "3.54",
"format": "json",
"status": "401",
"lang": "en",
"error": "API key missing",
"querylimitmax": 0,
[...]
}
Did I formulate my request false? I would love to get some pointers!
2
Answers
I managed to create a valid POST request by using the third party tool RestSharp (https://restsharp.dev/v107/#restsharp-v107). It allows the passing of parameters like this:
Have you tried to pass the Api Key via the header ?
On the documentation of VulDB API, I can read
You can add your API key to the header with the code