To use the REST API, each call must be authenticated. For Control Center-managed firewalls, create a dedicated CC admin user and administrative role to allow REST API access. In the administrative role, you can differentiate between the internal and external interface and even grant write permissions to the REST API.
Step 1. Create a custom administrative role
- Go to CONFIGURATION > Configuration Tree > Multi-Range > Global Settings > Administrative Roles.
- Click Lock.
- In the Roles section, click + to create a new role.
Enter a Name for the role and click OK. The Roles configuration window opens.
Add the REST API access rights to the administrative role:
Select the Access to REST API check box.
Click Set/Edit to configure detailed permissions.
Configure the access rights:
- Internal API Access – Provides access to the complete REST API interface.
External API Access – Provides access to the REST API sub-interface.
- Write Access – Provides write access on the selected interface.
- Click OK.
- Click Send Changes and Activate.
Step 2. Create an admin account
Add an administrator account, configure authentication settings, and assign the administrative role to the account.
- Go to ADMINS.
- Click New Entry.
- Enter a Name for the account. This is the user login name.
- From the Range list, select which ranges the admin should be able to access.
- From the Cluster list, select which clusters that the admin can access.
- Click OK. The Administrator configuration window opens.
- For local authentication, configure username and password:
- Login Name – Enter the username for the REST API CC admin.
- Full Name – Enter the full name.
- Password – Enter the password.
- External Authentication – Select Local (No external Authentication).
- Assign the administrative role:
- Roles – Select the role created in step 1 and click Add.
- Shell Level – Select No Access.
- (optional) Change Login Event to a less verbose setting.
- Click OK.
- Click Activate.
The CC admin user you just created can now access the REST API interface for the ranges and clusters assigned to the user.