Burp Suite User Forum

Getting 401 Unauthorized while using Graphql API call

Srikanth | Last updated: Jun 16, 2021 06:58PM UTC

I am trying to create multiple sites, for which there is no UI feature, so I am using the GraphQL API provided for Burp Suite Enterprise. To test my API key, I called both the REST API and the GraphQL API. My API works when calling the REST API at webserverURL/api/myapikey. However, it responds with error 77 when using GET at webserverURL/graphql/v1. (FYI, I have included my API key using the Authorization header in Postman, i.e. key = api_key and value = *******actualapikey.) I tried using a POST request to the GraphQL API, which returned a 401 Unauthorized message. We have an urgent need to sort this out, so please assist me in resolving this issue. Thanks

Maia, PortSwigger Agent | Last updated: Jun 17, 2021 11:00AM UTC

Hi, Thank you for your message. Your key needs to be set to Authorization rather than api_key. Let us know if you have any further issues.

Srikanth | Last updated: Jun 17, 2021 02:01PM UTC

Thanks! That did the trick. Now I am trying to delete the example site created for this test. Is it possible to remove it from the UI? If not, the GraphQL mutation query Delete Site asks for a site ID. How can I find the site ID? Also, can you please modify the example GraphQL query and variable below to show how we can create multiple sites with their respective URLs and folders at once?

GraphQL Query:

    mutation CreateSite($input: CreateSiteInput!) {
      create_site(input: $input) {
        site {
          id
          name
          parent_id
          scope {
            included_urls
            excluded_urls
            protocol_options
          }
          application_logins {
            login_credentials {
              id
              label
              username
            }
            recorded_logins {
              id
              label
            }
          }
          scan_configurations {
            id
          }
          email_recipients {
            id
            email
          }
          ephemeral
        }
      }
    }

GraphQL variable:

    {
      "input": {
        "name": "Example Site",
        "parent_id": "0",
        "scope": {
          "included_urls": [
            "http://example.com"
          ],
          "excluded_urls": []
        },
        "application_logins": {
          "login_credentials": [],
          "recorded_logins": []
        },
        "scan_configuration_ids": [],
        "email_recipients": []
      }
    }

Maia, PortSwigger Agent | Last updated: Jun 17, 2021 03:47PM UTC

Hi, Yes, you can delete it through the web UI. You can also use the SiteTree object to discover the site IDs. There is an example of this in the GraphQL documentation here: https://portswigger.net/burp/extensibility/enterprise/graphql-api/SiteTree.html I will respond to your email regarding the creation of multiple sites.

Srikanth | Last updated: Jun 17, 2021 03:51PM UTC

Thanks! I have found the delete option in the UI. I will be on the lookout for your email about creating multiple sites.
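
An added example, not part of the original thread and not PortSwigger's code: one way to script the multi-site creation asked about above, sending the thread's CreateSite mutation once per site to /graphql/v1 with the raw API key in the Authorization header. The JSON body shape (query plus variables), the environment variable names, the helper names and the sample sites are assumptions.

```python
import json
import os
import urllib.request

# Mutation from the thread, with the selection set trimmed to a few fields.
CREATE_SITE = """
mutation CreateSite($input: CreateSiteInput!) {
  create_site(input: $input) { site { id name parent_id scope { included_urls } } }
}
"""

def site_input(name, urls, parent_id="0"):
    """Variables for one site, in the same shape as the thread's example."""
    return {"input": {
        "name": name,
        "parent_id": parent_id,  # ID of the folder the site is created under
        "scope": {"included_urls": list(urls), "excluded_urls": []},
        "application_logins": {"login_credentials": [], "recorded_logins": []},
        "scan_configuration_ids": [],
        "email_recipients": [],
    }}

def build_requests(base_url, api_key, sites):
    """One POST per site; the key is sent as Authorization, not api_key."""
    endpoint = base_url.rstrip("/") + "/graphql/v1"
    reqs = []
    for site in sites:
        body = json.dumps({"query": CREATE_SITE, "variables": site_input(**site)})
        reqs.append(urllib.request.Request(
            endpoint, data=body.encode("utf-8"), method="POST",
            headers={"Authorization": api_key, "Content-Type": "application/json"}))
    return reqs

def create_sites(base_url, api_key, sites):
    """Send each request; a rejected key surfaces as HTTPError 401."""
    results = []
    for req in build_requests(base_url, api_key, sites):
        with urllib.request.urlopen(req, timeout=30) as resp:
            results.append(json.load(resp))
    return results

# Constructed sample data: names, URLs and folder IDs are placeholders.
SAMPLE_SITES = [
    {"name": "Example Site A", "urls": ["http://a.example.com"], "parent_id": "0"},
    {"name": "Example Site B", "urls": ["http://b.example.com"], "parent_id": "0"},
]

if __name__ == "__main__":  # BURP_URL and BURP_API_KEY are hypothetical names
    print(create_sites(os.environ["BURP_URL"], os.environ["BURP_API_KEY"], SAMPLE_SITES))
```

Reading the key from the environment keeps it out of the script and out of version control. A GraphQL server can also report failures in an `errors` field of a 200 response, so check each returned result for it.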