Skip to content

Sophos Switch REST API

You can manage your Sophos switches using REST API.

Warning

You mustn't use the REST API to configure or administer your switch if you've not been trained in their use. Sophos accepts no responsibility or damage to your switch through the inappropriate use of API commands.

Obtaining the bearer token

To access the API of your switch, you'll need the API bearer token. The switch generates a new bearer token for each session. So, you must obtain a new bearer token when the current session is closed.

To obtain the token from your switch, use the /system/login API to obtain the bearer token. For more details, see PATCH/system/login.

Tip

There are many tools you can use to interact with the API, such as cURL, Postman, or other similar applications.

You can see an example request and response below.

Example

Request:

curl -k https://<Switch-IP address>/api/system/login -X PATCH -H 'Content-Type:application/json' -d '{"user":"admin","password":"your-password"}'

Response:

{
"restful_res":
    {
    "token":"xxxxxxxx.yyyyyyyy.zzzzzz",
    "utctimestamp":##########,
    "timeout":900,
    "errCode":0,
    "message":"OK"
    }
}

Using the API

Once you obtain the bearer token, you can use it to interact with further API commands. To do this, you must pass the token as an authorization header as part of a curl command. For example, the following request looks for the GET/ports API using the bearer token obtained in the previous example.

Example

curl -k https://<Switch IP Address>/api/ports -H 'authorization:Bearer xxxxxxxx.yyyyyyyy.zzzzzz'

For a list of the API commands, see the Sophos Switch API help.