This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Albert_Chang
Explorer
‎2019-05-27 01:32 AM

How to grant permission for the web api?

Jump to solution

I just install the Check Point API Python Development Kit and run a simple login. But it says "You don't have permission to access /web_api/login this server.

How could I troubleshoot the issue?

 

Code:

import getpass
from cpapi import APIClient, APIClientArgs

api_server = "fwmgr"
username = input("Enter username: ")
password = getpass.getpass("Enter password: ")

client_args = APIClientArgs(server=api_server)
client = APIClient(client_args)

client.debug_file = "api_calls.json"
login_res = client.login(username, password)
login_res.error_message

Error message returned:

cpapi.api_exceptions.APIException('APIResponse received a response which is not a valid JSON.',
                                  b'<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don\'t have permission to access /web_api/login\non this server.<br />\n</p>\n</body></html>\n')

 

 

 

0 Kudos
Reply
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2019-05-30 06:24 AM
In response to Albert_Chang

Jump to solution
The reason you are seeing the error is the API server is only available from 127.0.0.1 (localhost) by default.
To fix this, see: https://community.checkpoint.com/t5/API-CLI-Discussion-and-Samples/Enabling-web-api/m-p/32641#M2011

View solution in original post

Reply
5 Replies
Martin_Raska
Advisor
‎2019-05-27 08:29 AM

Jump to solution
Check API access setting is the SmartConsole, try -all IP addresses
0 Kudos
Reply
Albert_Chang
Explorer
‎2019-05-27 09:31 PM
In response to Martin_Raska

Jump to solution
Hi Martin,

Do you mean to configure an access control rule for API access? Do you have an example?

We already enabled SSH 443 to the firewall manager. Do we need to enable anything else?
0 Kudos
Reply
Albert_Chang
Explorer
‎2019-05-27 09:34 PM
In response to PhoneBoy

Jump to solution
Thanks for the reply, PhoneBoy.

Thanks PhoneBoy for the reply.
I am using the Check Point API Python Development Kit for Python. So I don't need to specify "web_api" string in the url.

https://github.com/CheckPointSW/cp_mgmt_api_python_sdk
0 Kudos
Reply
PhoneBoy
Admin
Admin
‎2019-05-30 06:24 AM
In response to Albert_Chang

Jump to solution
The reason you are seeing the error is the API server is only available from 127.0.0.1 (localhost) by default.
To fix this, see: https://community.checkpoint.com/t5/API-CLI-Discussion-and-Samples/Enabling-web-api/m-p/32641#M2011

View solution in original post

Reply