This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Jim_Oqvist
Employee
Employee
‎2016-05-16 12:24 AM

How-to use Postman with R8x Security Management API

What is Postman

Postman is a free Google Chrome extension that can be used for testing and experimenting with web-services

You can find the latest postman collection file for R80 Security Management API here postman_collection.json

 

Installation

1) Launch "Google Chrome" and enter "chrome://apps" in the URL bar.

image2016-3-23 13_43_54.png

2) Open "Web Store"

3) Search for "Postman"

image2016-3-23 13_49_8.png

4) Click on "Add to Chrome" and the following should appear:

image2016-3-23 13_50_55.png

5) Add the app and then click on "Launch App"

 

Setup Postman to work with the R80 Security Management API

1) You can import a list of APIs into your Postman environment using Postman's "collection" feature. This stored list of APIs can help you avoid syntax errors and save you time finding APIs. The various Postman collections can be found as follows:

2) Launch Postman, and click on the "import collection" button.

image2016-3-23 14_6_49.png

3) Select "choose files" and select the collection file that you have. After selecting the file, you should see something like this:
     

4) On the left part of the screen, you should now see the text similar to "Web API – take hero3– 991000104". Click on this text, to see the list of API calls grouped by categories.

image2016-3-23 14_10_39.png

5) To set-up the environment variable, click on "Manage environments" and click on add

image2016-3-23 14_15_22.png    ----> image2016-3-23 14_19_24.png

6) Add a key called "server" and set it with the value: https://<your-mgmt-ip-address>/web_api

7) Add a key called "session", you can leave its value empty.

😎 Click the "Add" button, to exit this dialog.

9) Click the "X" button to exit the “Manage Environments” screen

image2016-3-23 14_23_45.png

Activating and testing the R80 Security Management API

1) Open SmartConsole R80, and login to the R80 Security Management

2) When the GUI is opened, go to : Manage & settings -> Blades -> Management API -> Advanced Settings

3) Check “Automatic start”, and pick “All IP Addresses that can be used for GUI clients or All IP addresses”.

4) Press OK

image2016-3-23 14_29_7.png

5) Publish

6) Run the command api reconf from clish

7) Make sure the management API server is up and running. Browse to: https://<your-mgmt-ip-address>/api_docs/

You need to accept the self signed certificate warning

image2016-3-23 14_42_50.png

😎 You should now see the R80 Management API reference guide

image2016-3-23 14_44_9.png

 

9) In Postman:

(A) change the postman environment to the one you set in the previous step.
(B) locate the "Login" command in the list of APIs on the left and click on it.
(C) Change the values for the user-name and password.
(D) Click on the "send" button

image2016-3-23 14_49_16.png

10) The output of the "Login" command contains a session-ID (sid) value. This value should be used by all other API calls in the same session as a way to prove the authenticity of the user behind the API call. To set the session-ID for subsequent API calls select the sid value, right click and select "Set:" -> "session".

image2016-3-23 14_56_47.png

11) You're done! Choose any other API calls from the collection and run it.

(1)
24 Replies
Uri_Bialik
Mod
Mod
‎2016-09-29 06:10 AM

Postman is now available also as a native application for Mac and Windows: https://www.getpostman.com/apps

In the native apps, it is possible to avoid the certificate warnings by disabling "SSL certificate verification" (under "File > Settings > General" ).

Mark_Sowell
Employee
Employee
‎2017-02-25 01:35 PM

To automatically set the session-ID (sid) value add the following under "Tests" on the login command:

var jsonData = JSON.parse(responseBody);

postman.setEnvironmentVariable("session", jsonData.sid);

Eugene_Grybinny
Employee Alumnus
Employee Alumnus
‎2017-07-23 02:31 AM

I'm attaching the postman collection for R80.10

postman_collection_R80_10.json.zip
Juan_Concepcion
Advisor
‎2017-08-15 08:32 PM

Is it expected with Postman that when you push a change via API it doesn't show there is anything to publish?  I went through an exercise running through some exercises and was confused when, after doing a send, I didn't see anything to publish??

--Juan

0 Kudos
Eugene_Grybinny
Employee Alumnus
Employee Alumnus
‎2017-08-15 11:08 PM
In response to Juan_Concepcion

Hi Juan,

Can you share which commands you use? 

0 Kudos
Juan_Concepcion
Advisor
‎2017-08-16 05:04 AM
In response to Eugene_Grybinny

78 KB
35 KB
0 Kudos
Juan_Concepcion
Advisor
‎2017-08-16 05:10 AM
In response to Eugene_Grybinny

Also I’m using the R80.10 api libraries.

0 Kudos
Eugene_Grybinny
Employee Alumnus
Employee Alumnus
‎2017-08-17 02:19 AM
In response to Juan_Concepcion

Hi Juan,

Am I right that you are using a Cloud Demo Server?

I've just tried adding a host and publishing the change on a Cloud Demo Server and it looks like everything is OK.

Adding a host

Publishing the change and getting the task ID

Checking the task status

Are these operations the same to ones you are doing?

0 Kudos
Aaron_Vivadelli
Contributor
Contributor
‎2017-08-17 01:00 PM

What's the best way to add multiple objects through API?  The Postman examples are cool, but I can't figure out how to get it to create more than 1 host.  I saw in the webinar that you can do it with a CSV file and the mgmt_cli command, can Postman pull from a CSV as well?

A side question, I think it would be really powerful if there was a tool that could take a management server database (migrate export or even a mgmt_cli command) that could give you the mgmt_cli commands to rebuild those objects, rules, policies, etc. on another management server.  Can you do something like this with the Management API?

I just joined CheckMate's, there is some pretty good stuff here.  Keep up the good work.

Aaron

0 Kudos
Juan_Concepcion
Advisor
‎2017-08-17 05:44 PM
In response to Aaron_Vivadelli

I was informed that with Postman you can only create 1 host at a time.

0 Kudos
PhoneBoy
Admin
Admin
‎2017-08-17 08:17 PM
In response to Aaron_Vivadelli

The API only allows you do it one at a time.

I believe (though https://community.checkpoint.com/people/ubialbf7dd8c7-dd84-3fc4-99ca-eec4929a35ad‌ can correct me if I'm wrong) that the CSV import option is unique to mgmt_cli.

Based on the API docs, it would have to call the API once per entry you want to create.

As far as dumping the current management database as mgmt_cli commands, this is not possible today.

0 Kudos
Gary_Lipets
Participant
‎2017-08-18 01:46 PM
In response to PhoneBoy

I had someone who scripts better help me with this, but here is an easy solution

$ cat checkpoint_host_obj_api_create.sh
#!/usr/bin/env python

import argparse, socket, struct

parser = argparse.ArgumentParser()
parser.add_argument('inputFile', help = 'File that contains host IP addresses')
args = parser.parse_args()

inputFile = args.inputFile

with open(inputFile, 'r') as file:
input = file.read().split()

for i in input:
print 'add host name \"host_%s\" ip-address \"%s\"' %(i, i)

glipets@GLIPETS ~/unix/bin

$ cat sample.txt
10.1.1.1
10.2.2.2

glipets@GLIPETS ~/unix/bin

$ ./checkpoint_host_obj_api_create.sh sample.txt
add host name "host_10.1.1.1" ip-address "10.1.1.1"
add host name "host_10.2.2.2" ip-address "10.2.2.2"

Paste the output into SmartConsole CLI

Infrastructure_
Participant
‎2017-08-23 03:31 AM

I am getting a 403 error if I try to go to the API address https://<your-mgmt-ip-address>/api_docs/. I also get the same error when I try to run using the postman example 
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
    <head>
        <title>403 Forbidden</title>
    </head>
    <body>
        <h1>Forbidden</h1>
        <p>You don't have permission to access /web_api/login on this server.
            <br />
        </p>
    </body>
</html>
I cannot even use the management cli through PowerShell. I get the following error for that
message: "Error 403. Access to the API server is forbidden. Please check the Management API blade settings to make sure that the server is allowed to accept requests from this IP address."
code: "generic_error"
The only place I can run management cli commands are from the smartConsole. I know I am using the correct credentials and I also can see in the logs the firewall is allowing the traffic through.

0 Kudos
Gary_Lipets
Participant
‎2017-08-23 07:23 AM
In response to Infrastructure_

click publish after changed access settings in step 4

Infrastructure_
Participant
‎2017-08-23 07:50 AM
In response to Gary_Lipets

Hello Gary,

Thanks for your reply I have got this configuration now but previously I had it on "All IP addresses that can be used for GUI clients" and I was trying from the machine where I had smartConsole installed. I was hoping that that configuration to work.

0 Kudos
PhoneBoy
Admin
Admin
‎2017-08-23 08:52 AM
In response to Infrastructure_

It's possible using this setting that you ran into what appears to be a bug: https://community.checkpoint.com/message/7459-r8010-api-bug-fallback-to-smartcenter-only-after-reboo...

0 Kudos
Infrastructure_
Participant
‎2017-08-23 09:23 AM
In response to PhoneBoy

Hello Dameon,

Thanks for the information. I believe you are right.

0 Kudos
Philipp_Franzen
Explorer
‎2017-09-18 07:09 AM

Hey there,

I'm trying to connect to our management server via the web API. I did all the steps mentioned above, but I'm still unable to login with postman; I'm either getting a http/403 error (when trying to connect to the management server via its fqdn) or a http/405 error (when trying to connect to the management server via its short name). I can access the API documentation on the management server (https://name-of-the-management-server/api_docs) and the the cli-command "api status" tested the API readiness as "successful"; the IP of my client is also listed in the list of required IPs. It's also possible to connect to the management server via SmartConsole with the username/password I've used to connect to the web API.

Any idea what I've could be missing / what could be going wrong?

Philipp

0 Kudos
Juan_Concepcion
Advisor
‎2017-09-18 07:23 AM
In response to Philipp_Franzen

Did you set the session?

--Juan

0 Kudos
Philipp_Franzen
Explorer
‎2017-09-19 03:02 AM
In response to Juan_Concepcion

Hi Juan,

I found the problem. I could see in the logs on the management server (/var/log/httpd2_error_log) that Postman tried to connect to the management server via our proxy server, even though I disabled that feature in the settings. The IP of the proxy server isn’t allowed to access the management API, so the request was denied.

Since my installation of Postman won’t recognize its proxy settings I’m using this workaround:

- Start a cmd
- Go to the Postman directory (i.e. C:\Users<Your_Windows_Username>\AppData\Local\Postman\app-5.2.0)
- Issue the following commands:
      set HTTP_PROXY=
      set HTTPS_PROXY=
      start Postman.exe

Postman will start, it won't use the proxy and I'm able to connect / login to the management server via the web API.

Philipp

0 Kudos
Martin_Raska
Advisor
Advisor
‎2018-02-02 06:42 AM

Hi,

dont forget in Posman - settings - general - turn OFF validation SSL certificate or you wont be able to connect if certficate is untrusted.

0 Kudos
Nick_Doropoulos
Advisor
‎2019-11-07 12:20 PM

Just to give everyone following this great guide a heads up, you would also need to turn off a few settings on Postman as described in the following link:

https://stackoverflow.com/questions/47806876/could-not-get-any-response-response-when-using-postman-...

It won't work otherwise.

I hope this helps.

0 Kudos
ggmeza
Participant
‎2021-05-06 04:49 PM

Hi... if i use an api call to show rules for example, and i need to show that on a web page.. how can i do that?

0 Kudos
PhoneBoy
Admin
Admin
‎2021-05-06 05:12 PM
In response to ggmeza

You’d have to write a program to translate the results of the API to a web page.
Or you can use the tool we’ve already created that does this: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events