Migrating from the Wazuh API 3.X
Wazuh API v4 introduces several new endpoints and also modifies or removes some of the old ones. The biggest change for all existing endpoints is the new response format. Endpoint responses have been changed according to the new RBAC standard and will no longer have items
and totalitems
fields. Most responses will have the following structure instead:
{
"data": {
"affected_items": [],
"total_affected_items": 0,
"total_failed_items": 0,
"failed_items": [],
},
"message": "",
"error": 0
}
Migrating users
The Wazuh API users are not migrated when upgrading the Wazuh API from 3.X to 4.X and newer versions. It is not recommended to migrate the users since there are numerous security changes to the Wazuh API. However, it is easy to create new users and assign them the administrator role with the following API requests (substitute <username> and <password>):
Create new user (POST /security/users)
# curl -k -X POST "https://localhost:55000/security/users" -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" -d "{\"username\":\"<username>\",\"password\":\"<password>\"}"
{
"data": {
"affected_items": [
{
"id": 3,
"username": "<wazuh>",
"allow_run_as": false,
"roles": []
}
],
"total_affected_items": 1,
"total_failed_items": 0,
"failed_items": []
},
"message": "User was successfully created",
"error": 0
}
Assign administrator role (POST /security/users/{user_id}/roles)
# curl -k -X POST "https://localhost:55000/security/users/3/roles?role_ids=1" -H "Authorization: Bearer $TOKEN"
{
"data": {
"affected_items": [
{
"id": 3,
"username": "<wazuh>",
"allow_run_as": false,
"roles": [
1
]
}
],
"total_affected_items": 1,
"total_failed_items": 0,
"failed_items": []
},
"message": "All roles were linked to user <wazuh>",
"error": 0
}