On this page you can create and delete API tokens.

RESTful API allows users to write programs or scripts to configure one or more Sophos UTM units automatically. Before a program or script can use the RESTful API, Sophos UTM has to authenticate against it. There are two ways to authenticate against the RESTful API: Using the name of a Sophos UTM user with a password or an API token. API tokens are randomly generated strings that are associated with a Sophos UTM user, with the same access rights as the user. Authentication always uses HTTP basic authentication. If you use an API token instead of a Sophos UTM user, the HTTP basic authentication username is "token" and the API token is the password.

To create an API token, proceed as follows:

  1. Enable RESTful API.

    Click the toggle switch.

    Note – When the Sophos UTM instance is running on Amazon Web Service (AWS), RESTful API is enabled by default.

  2. Click the New API Token button.

    The Add API Token dialog box opens.

  3. Make the following settings:

    API Token: Enter the API token or use the automatic generated API token.

    Note – API token is an alternative authentication method like a password but without a username. It is recommended to use the automatic generated API token, generated by Sophos UTM, to ensure that the API token is unique and sufficiently complex.

    User: Select a user for the API token.

  4. Click Save.

    The API token is added to the API Token list.