Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/nsg/sophos-firewall/19.0/Help/en-us/webhelp/onlinehelp/index.html?contextId=API-allow-access

Allow API access to administrators

You can allow API access to administrators with specific read-write permissions.

Add an administrator profile

Create an administrator profile with read-write permission for objects and network.

  1. Go to Profiles > Device access and create an administrator profile with specific rights.

  2. Click Save.

    Administrator profile with read-write permission.

Add an administrator

Create a user and add the administrator profile.

When you add a user with the API administrator profile, you can limit the administrator's rights based on the profile. Alternatively, you can use an existing administrator account.

  1. Go to Authentication > Users and click Add.
  2. Set User type to Administrator.
  3. Select the API administrator profile you created.
  4. To allow access for a specific time, select the Access time.
  5. To allow access only from specific IP addresses, select an option for Login restriction for device access.

  6. Click Save.

    Select an administrator profile.

Allow API access

Turn on API configuration and allow API access from the administrator's IP address.

  1. Go to Backup and firmware > API.
  2. Select API configuration.

  3. For Allowed IP address, enter the IP address from which you'll make the API request and click the add button.

    Note

    Make sure the zone of the administrator's IP address has access to the web admin console. You can do this on Administration > Device access using Local service ACL or Local service ACL exception rule.

  4. Click Apply.

    Allow API access.

More resources