Skip to content

Sophos Switch REST API

You can manage your Sophos switches using REST API.


You mustn't use the REST API to configure or administer your switch if you've not been trained in their use. Sophos accepts no responsibility or damage to your switch through the inappropriate use of API commands.

Obtaining the bearer token

To access the API of your switch, you'll need the API bearer token. The switch generates a new bearer token for each session. So, you must obtain a new bearer token when the current session is closed.

To obtain the token from your switch, do as follows:

  1. Open an SSH connection to your switch.
  2. Use the PATCH/system/login API to obtain the bearer token. For more details, see PATCH/system/login.

You can see an example request and response below.



curl 'https://<Switch IP Address>/api/login' \
--data-raw {"user": "username","password": "yourpassword"}\


"token": "xxxx.yyyy.zzzz",
"errCode": 0,
"message": "OK"

Using the API

Once you obtain the bearer token, you can use it to interact with further API commands. To do this, you must pass the token as an authorization header as part of a curl command. For example, the following request looks for the GET/ports API.


curl 'https://<Switch IP Address>/api/ports' \
-H 'authorization: Bearer xxxxxxxx.yyyyyyyy.zzzzzz'

For a list of the API commands, see the Sophos Switch API help.