API configuration
API access is turned off by default. You must turn it on and allow access to specific IP addresses.
Allow API calls from administrators' endpoints
To allow API calls from your endpoint, do as follows:
- Go to Backup and firmware > API.
-
Select API configuration.
It allows you to get, set, or remove the configuration using the API.
-
For Allowed IP address, enter your IP address.
You can only make changes from these sources. To get the IP address from which you access the web admin console, do as follows:
- Go to Log viewer and select Admin from the list.
- See the source IP address for your sign-in.
Note
To provide strict permissions that only allow access to specific administrators, see Allow API access to administrators.
Make an authentication request
The firewall authenticates administrators' API requests based on their credentials in the firewall.
The API client sends the credentials over HTTPS to the firewall to ensure security. HTTPS provides a secure channel between the client and server, encrypting the data in transit and ensuring that unauthorized actors don't intercept or modify the communication.
We recommend that you first verify that the port, IP address, and credentials work.
You must send the payload using the following URL:
https://<Firewall IP address>:<port>/webconsole/APIController
You can use any of the following mechanisms to test the connectivity and credentials.
In the Postman application, enter your credentials as follows:
-
Under Collections, click the plus button to create a new collection.
-
Under the collection, click Add a request.
-
Under New Request, use the following syntax to enter your firewall details:
https://<firewall's IP address>:<firewall's port>/webconsole/APIController
-
Click Body and click form-data.
-
Under Key, enter
reqxml
. -
Under Value, use the following syntax to enter your credentials.
<Request> <Login> <Username><your username></Username> <Password><your password></Password> </Login> </Request>
-
Click Send.
On the command-line of your Linux endpoint or the firewall, use the following syntax to enter your credentials:
curl -k "https://<firewall's IP address>:<firewall's port>/webconsole/APIController?reqxml=<Request><Login><Username><your username></Username><Password><your password></Password></Login></Request>"
You'll get the following response: Authentication successful.
API explorer
You can sign in and sign out users using the API.
When you sign in a user using API, in Current activities > Live users, the user's client type shows API client.
<Request><LiveUserLogin><UserName>admin</UserName><Password>abcd</Password><IPAddress>10.21.18.15</IPAddress><MacAddress>00:0C:29:2D:D3:AC</MacAddress></LiveUserLogin></Request>
<Request><LiveUserLogout><Admin><UserName>admin</UserName><Password>abcd</Password></Admin><UserName>sophos</UserName><IPAddress>10.21.18.15</IPAddress></LiveUserLogout></Request>
Example
https://<Sophos Firewall IP address>:4444/webconsole/APIController?SecureStorageMasterKey=Passw0rd@12345&reqxml=<Request><LiveUserLogin><UserName>admin</UserName><Password>abcd</Password><IPAddress>10.21.18.15</IPAddress><MacAddress>00:0C:29:2D:D3:AC</MacAddress></LiveUserLogin></Request>
More resources