Hey everyone,
I've encountered a strange problem when using Invoke-RestMethod in my PowerShell script to call the Isolate machine API for Microsoft Defender for Endpoint. I've managed to find a workaround, but I'm really trying to wrap my head around why it happens.
The API requires a POST request to a specific URI formatted as follows:
`https://api.securitycenter.microsoft.com/api/machines/{MachineID}/isolate`
Here's what it needs:
- **Headers**:
- **Authorization**: Bearer {token} (Required)
- **Content-Type**: application/json (Required)
- **Body Parameters**:
- **Comment**: A string for the comment associated with the action (Required)
- **IsolationType**: A string indicating the type of isolation, which can be Full, Selective, or UnManagedDevice.
I assume $token is a valid SecureString OAuth token, and $MachineID is also valid based on previous successful API calls.
Here's the code I'm working with:
```powershell
$MachineID = "ABC123LOL"
$URI = "https://api.securitycenter.microsoft.com/api/machines/$($MachineID)/isolate"
$body = @{ "Comment"="Isolation test"; "IsolationType"="Full" }
# This line DOESN'T work
Invoke-RestMethod -Uri $URI -ContentType "application/json" -Method Post -Authentication Bearer -Token $token -Body $body
# However, this line DOES work
Invoke-RestMethod -Uri $URI -ContentType "application/json" -Method Post -Authentication Bearer -Token $token -Body ($body | ConvertTo-Json -Compress)
```
The problematic line throws a 400 error with a message saying the request body is incorrect:
```
Invoke-RestMethod:
{
"error": {
"code": "InvalidRequestBody",
"message": "Request body is incorrect",
"target": "|e7bf4ffb-47bb1ab2effc58d8.1.2."
}
}
```
I've used that non-working line numerous times without issues before, and I'm confused why it's failing now, especially since the method for converting hashtables to JSON seems to be broken in this specific context. Any ideas on what's causing this?
2 Answers
It sounds like the docs might be misleading. They note that when you pass a hash table to `Invoke-RestMethod`, it tends to work for GET requests by adding parameters to the URI instead of including them in the body. But for other types of requests, like POST, the body should follow a specific format. Your workaround of converting the hash table to JSON seems like the right call—sometimes the automatic conversion doesn't handle the specifics of an API's requirements well.
Interestingly, I've noticed that some of my own scripts behaved differently depending on whether I was using GET or POST. In fact, the last time I relied on passing a hash table directly was back in PowerShell 6, and it seemed to work fine. It's possible something in the cmdlet behavior changed in version 7.x, which might be why you're running into this issue now!
Totally! I've observed similar patterns in other PowerShell commands as things have evolved. It might be worth checking the history for any changes in the docs or source code.
I had a similar experience! I thought passing a hash table should work, but it really depends on the API's expectations. Seems like PowerShell's handling of requests can be a bit finicky with different content types.