Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Explorer

How to grant permission for the web api?

Jump to solution

I just install the Check Point API Python Development Kit and run a simple login. But it says "You don't have permission to access /web_api/login this server.

How could I troubleshoot the issue?

 

Code:

import getpass
from cpapi import APIClient, APIClientArgs

api_server = "fwmgr"
username = input("Enter username: ")
password = getpass.getpass("Enter password: ")

client_args = APIClientArgs(server=api_server)
client = APIClient(client_args)

client.debug_file = "api_calls.json"
login_res = client.login(username, password)
login_res.error_message

Error message returned:

cpapi.api_exceptions.APIException('APIResponse received a response which is not a valid JSON.',
                                  b'<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don\'t have permission to access /web_api/login\non this server.<br />\n</p>\n</body></html>\n')

 

 

 

0 Kudos
Reply
1 Solution

Accepted Solutions
Admin
Admin
The reason you are seeing the error is the API server is only available from 127.0.0.1 (localhost) by default.
To fix this, see: https://community.checkpoint.com/t5/API-CLI-Discussion-and-Samples/Enabling-web-api/m-p/32641#M2011

View solution in original post

5 Replies
Advisor
Check API access setting is the SmartConsole, try -all IP addresses
0 Kudos
Reply
Explorer
Hi Martin,

Do you mean to configure an access control rule for API access? Do you have an example?

We already enabled SSH 443 to the firewall manager. Do we need to enable anything else?
0 Kudos
Reply
Explorer
Thanks for the reply, PhoneBoy.

Thanks PhoneBoy for the reply.
I am using the Check Point API Python Development Kit for Python. So I don't need to specify "web_api" string in the url.

https://github.com/CheckPointSW/cp_mgmt_api_python_sdk
0 Kudos
Reply
Admin
Admin
The reason you are seeing the error is the API server is only available from 127.0.0.1 (localhost) by default.
To fix this, see: https://community.checkpoint.com/t5/API-CLI-Discussion-and-Samples/Enabling-web-api/m-p/32641#M2011

View solution in original post