Re: API-Key

Moudar · ‎2024-03-29

Hi

Following this guide:

at step 3 i get this:

A-GUI is a windows computer that tries to connect to SMS and 10.1.1.201 is its IP.

What do I miss here? Why i get "failed to parse...." every time I try?!

and as you can see the content of token.txt "login failed" What password should be used here? I use the admin password?

then when that successes how would you use API-key to send commands from a CMD command line?

Amir_Senn · ‎2024-03-31

Hi,

Looks like the syntax is correct. What version/JHF are you using?

I would try a few steps:

a. Check API status ("api status" in expert)

b. Try to login first without writing the answer to the file. See if it works. Seemingly, it doesn't recognize your API key for a reason.

c. If issue to login continues, try to re-generate the key.

Kind regards, Amir Senn

Moudar · ‎2024-03-31

When trying only to login:

I did regenerate the key many times and used many different places to save it, but still getting the same error!

Alex- · ‎2024-03-31

Note the example screenshot has a Read-Only profile, you won't be able to make modifications with that.

Moudar · ‎2024-04-01

that image is coming from the admin guide. The reality is Super-user profile

Amir_Senn · ‎2024-03-31

I meant try to login using API-key.

In general, since this doesn't work I would try to re-generate (as you did) the key, try to create a different admin perhaps and make sure that it's well defined in SmartConsole (permission profile for example. As @Alex- mentioned, profile should have write permissions).

If this still doesn't work, perhaps open a ticket for support.

Kind regards, Amir Senn

Timothy_Hall · ‎2024-03-31

Try enclosing the API key in double quotes, thinking perhaps it is not liking that forward slash.

Failing that, look in $FWDIR/log/api.elg on the SMS to see how your login command is coming through the API Server for parsing.

New Book: "Max Power 2026" Coming Soon
Check Point Firewall Performance Optimization

Bob_Zimmerman · ‎2024-03-31

I don't think that's likely to be the problem directly:

[Expert@DallasSA]# echo mC4B/RZaG0NCn4aAaKWUqw== | xargs -n 1 echo 
mC4B/RZaG0NCn4aAaKWUqw==

It doesn't get carved up into separate, smaller chunks, and no characters get substituted or trimmed. Still worth a shot, since it's easy to do, I just think the problem is elsewhere.

The directions only say to publish the SmartConsole session, but changes to administrators typically need an Install Database to take effect. Probably also worth a shot.

Timothy_Hall · ‎2024-04-01

Right I knew that other than its use as a path separator, "/" is not significant to the shell as a special character. Just was wondering if it was tripping up the parsing somehow in the API server which api.elg can be quite helpful for diagnosing.

New Book: "Max Power 2026" Coming Soon
Check Point Firewall Performance Optimization

Bob_Zimmerman · ‎2024-04-01

I was actually more suspicious of the terminating equals signs from the base64 padding. BASH sometimes does weird things with the equals sign.

Moudar · ‎2024-04-01

When checking $FWDIR/log/api.elg like this: cat $FWDIR/log/api.elg | more

I can only see log from 22/March, I don't know why new logs do not show up!

Moudar · ‎2024-04-01

Testing now and it is working as described in the admin guide!

I did not do anything, it just worked!

Are you a member of CheckMates?

API-Key