This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Szymon2022
Participant
‎2023-04-28 08:21 AM
Jump to solution

/web_api/add-administrator

Hello,

I need some help with web_api request. I m getting error: 

{"code": "err_inappropriate_domain_type", "message": "This command can work only on domains of type MDS. Cannot execute it in the current domain (current domain type is Domain)."}

Need to creat new adminstrator account via web_api on Check Point Smart Concole.

 

My payload looks like:

new_user_data = {'name': test123, 'authentication-method': 'tacacs', 'tacacs-server': 'TACACS-test', 'permissions-profile': {'domain':"System Data", 'profile':'read only all'}, 'ignore-warnings': 'true' }

 

Using set:

Check Point - Management API reference

R81.10

SmartConsole 81.10.9600.409

Got only one system domain, nothing more. 

 

Using mgmt_cli everything working proper. 

mgmt_cli working properly.

mgmt_cli add administrator name "test123" password "test123" must-change-password false email "test@gmail.com" phone-number "1800-800-800" authentication-method "check point password" permissions-profile "read only all"  --domain 'System Data' --format json -u xxxxxx-p 'xxxxxxyyyyyy'

 

Any idea how the payload should looks like to be a proper query on web_api?

0 Kudos
1 Solution

Accepted Solutions
Jim_Oqvist
Employee
Employee
‎2023-05-08 05:01 AM
In response to Szymon2022
Jump to solution

Hi Szymon2022,  

There is an example in the API reference guide under the "login" API endpoint

https://sc1.checkpoint.com/documents/latest/APIs/index.html#web/login~v1.9%20 > example > "login to domain".

just change the value "domain name" to "System Data"

Request

POST {{server}}/login
Content-Type: application/json

{
  "user" : "aa",
  "password" : "aaaa",
  "domain" : "Domain Name"
}

View solution in original post

(1)
8 Replies
PhoneBoy
Admin
Admin
‎2023-05-05 02:01 PM
Jump to solution

When you did the login call, did you log into the "System Data" domain?
If not, this API call will fail in the manner described.
Note this should be required on mgmt_cli as well (or at least it was last time I checked).

@Omer_Kleinstern can we make it more explicit in the documentation which API calls can only be executed in the "System Data" domain?
A more informative error message would also be useful.

Omer_Kleinstern
Employee
Employee
‎2023-05-07 01:44 AM
In response to PhoneBoy
Jump to solution

From the description of the add-administrator command:
"This command is available only after logging in to the System Data domain."

0 Kudos
Bob_Zimmerman
Authority
Authority
‎2023-05-07 06:09 AM
In response to Omer_Kleinstern
Jump to solution

On a related note, is there a list of all of the API calls which are only available on the System Data domain?

Are there any calls which are available outside System Data but which aren't fully functional?

0 Kudos
Szymon2022
Participant
‎2023-05-08 02:47 AM
In response to Omer_Kleinstern
Jump to solution

That's right so how to login in to system data via Web Services (WebAPI)?

 

0 Kudos
Szymon2022
Participant
‎2023-05-08 02:46 AM
In response to PhoneBoy
Jump to solution

In the past few days I was searching the proper url and proper payload to login in to system data. And I couldnt find it out.

I realised that I need to be login in to the system data first but do not know how to do it. 

 

payload = {
    "user": "admin",
    "password": "xxx",
    "domain":{"name" : "System Data"}
      }
 
Maybe url is not appropriate?
 
callback:
 
{
"code" : "generic_err_invalid_syntax",
"message" : "Login request message processing failed"
}
 
Any suggestions about URL and payload?
 
0 Kudos
Jim_Oqvist
Employee
Employee
‎2023-05-08 05:01 AM
In response to Szymon2022
Jump to solution

Hi Szymon2022,  

There is an example in the API reference guide under the "login" API endpoint

https://sc1.checkpoint.com/documents/latest/APIs/index.html#web/login~v1.9%20 > example > "login to domain".

just change the value "domain name" to "System Data"

Request

POST {{server}}/login
Content-Type: application/json

{
  "user" : "aa",
  "password" : "aaaa",
  "domain" : "Domain Name"
}
(1)
Szymon2022
Participant
‎2023-05-08 06:01 AM
In response to Jim_Oqvist
Jump to solution

Thank you for your suggestion. That was it. 

Below the correct query simple example:

 


payload = {
    "user": "admin",
    "password": "xxxx",
    "domain":"System Data"
      }
 
headers = {'Content-Type' : 'application/json'}
response = requests.post(url,data=json.dumps(payload), headers=headers, verify=False)

if response.status_code ==200:
    sid = response.json()["sid"]
    print("Done:",sid)
    print(response.text)
else:
    print("Error")
    print(response.text)
 
payload_user = {
    "name": "test123",
    "authentication-method":"tacacs",
    "tacacs-server":"TACACS-test",
    "permissions-profile":"Read Only All",
}

headers2 = {'Content-Type' : 'application/json', "X-chkp-sid": sid}
response = session.post(url3, json=payload_user, headers=headers2, verify=False)

if response.status_code !=200:
    print("Error during adding adm.")
    print(response.text)
else:
    print("Adm has been added")
    print(response.text)
 
Then publish and logout.
 
 
Thank You everybody for your support. I spent a lot of time to find the solution. I was close :). 
Best regards!!
 
0 Kudos
Bob_Zimmerman
Authority
Authority
‎2023-05-08 05:03 AM
In response to Szymon2022
Jump to solution

Domain should be a string, not an object. It should contain either the name or the UUID of the domain.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events