Cannot reset or create Wazuh API user on Wazuh 4.12

[yudha pra]

Hello, 

I am running Wazuh 4.12 and I’m having trouble managing API users.

• I tried to reset the default wazuh API user password using:
  
  bash wazuh-passwords-tool.sh -A -u wazuh -p 'MyNewPassword'
  
  

• But i always get error : ERROR: The given user does not exist

• 
  

• The tool at wazuh-passwords-tool.sh works, but that only changes Indexer users (stored in /etc/wazuh-indexer/internalusers.yml), not API users.  

Question :

• How can I verify which API users exist in Wazuh 4.12?
• Is the default wazuh API user supposed to always exist?
• If the API users were not initialized properly, what is the recommended way to reset or re-create them?

My goal is to have a working API user so I can connect external services (like n8n) and also keep the Wazuh Dashboard working (which uses wazuh-wui).  

Thanks beforee for helping me!

[Md. Nazmur Sakib]

Hello,

The Wazuh manager API has two default users:

wazuh: is the default Wazuh manager API administrator user.

wazuh-wui: is an admin user used for communications between the Wazuh dashboard and the Wazuh manager API. If you change the wazuh-wui password, you must update it in the Wazuh dashboard.

You can find the current wazuh-wui user password in the dashboard node.

tail /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml

You can use this user and password to make any API request.

I am sharing a document that will be helpful for getting started with the Wazuh server API.
https://documentation.wazuh.com/current/user-manual/api/index.html

I will also suggest that you check our integration module, which is useful for integrating Wazuh with third-party integrations.

I am also sharing some resources related to integrating Wazuh with n8n.
https://www.youtube.com/watch?v=XZW4A5tOBjc&t=84s
https://github.com/maikroservice/wazuh-integrations

https://www.reddit.com/r/Wazuh/comments/1lxlsxp/wazuh_n8n_integration/

Now the command you are trying to use is not working, as it is not correct for changing the API user.

Let me share with you step by step on how to change the API user.

On your Wazuh server master node, download the Wazuh passwords tool and use it to change the passwords of the Wazuh API users.

curl -so wazuh-passwords-tool.sh https://packages.wazuh.com/4.13/wazuh-passwords-tool.sh

Now run this command.
sudo bash wazuh-passwords-tool.sh -A -au wazuh-wui -ap admin-password -u wazuh -p MytestPass123@#.

Where,

-A = Change the Wazuh API password given the current password.  Required for changing the Wazuh API passwords.

-au = Admin user for the Wazuh API.  Required for changing the Wazuh API passwords.

-ap = Current Password for the Wazuh API admin user. Required for changing the Wazuh API passwords.
-u = Indicates the name of the user whose password will be changed.

-p = Indicates the new password. Must be used with option -u

The password must have a length between 8 and 64 characters and contain at least one upper case letter, one lower case letter, a number and one of the following symbols: .*+?-.

If you change the wazuh-wui user’s password, update the /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml 

configuration file with the new wazuh-wui password generated in the second step.

hosts:

  - default:

      url: https://127.0.0.1

      port: 55000

      username: wazuh-wui

      password: "<WAZUH_WUI_PASSWORD>"

      run_as: false

Restart the Wazuh dashboard to apply the changes.

systemctl restart wazuh-dashboard

Read the Password management document to learn more.

Let me know if you need any further assistance on this.