Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Szymon2022
Participant
Jump to solution

/web_api/add-administrator

Hello,

I need some help with web_api request. I m getting error: 

{"code": "err_inappropriate_domain_type", "message": "This command can work only on domains of type MDS. Cannot execute it in the current domain (current domain type is Domain)."}

Need to creat new adminstrator account via web_api on Check Point Smart Concole.

 

My payload looks like:

new_user_data = {'name': test123, 'authentication-method': 'tacacs', 'tacacs-server': 'TACACS-test', 'permissions-profile': {'domain':"System Data", 'profile':'read only all'}, 'ignore-warnings': 'true' }

 

Using set:

Check Point - Management API reference

R81.10

SmartConsole 81.10.9600.409

Got only one system domain, nothing more. 

 

Using mgmt_cli everything working proper. 

mgmt_cli working properly.

mgmt_cli add administrator name "test123" password "test123" must-change-password false email "test@gmail.com" phone-number "1800-800-800" authentication-method "check point password" permissions-profile "read only all"  --domain 'System Data' --format json -u xxxxxx-p 'xxxxxxyyyyyy'

 

Any idea how the payload should looks like to be a proper query on web_api?

0 Kudos
1 Solution

Accepted Solutions
Jim_Oqvist
Employee
Employee

Hi Szymon2022,  

There is an example in the API reference guide under the "login" API endpoint

https://sc1.checkpoint.com/documents/latest/APIs/index.html#web/login~v1.9%20 > example > "login to domain".

just change the value "domain name" to "System Data"

Request

POST {{server}}/login
Content-Type: application/json

{
  "user" : "aa",
  "password" : "aaaa",
  "domain" : "Domain Name"
}

View solution in original post

(1)
8 Replies
PhoneBoy
Admin
Admin

When you did the login call, did you log into the "System Data" domain?
If not, this API call will fail in the manner described.
Note this should be required on mgmt_cli as well (or at least it was last time I checked).

@Omer_Kleinstern can we make it more explicit in the documentation which API calls can only be executed in the "System Data" domain?
A more informative error message would also be useful.

Omer_Kleinstern
Employee
Employee

From the description of the add-administrator command:
"This command is available only after logging in to the System Data domain."

0 Kudos
Bob_Zimmerman
Mentor
Mentor

On a related note, is there a list of all of the API calls which are only available on the System Data domain?

Are there any calls which are available outside System Data but which aren't fully functional?

0 Kudos
Szymon2022
Participant

That's right so how to login in to system data via Web Services (WebAPI)?

 

0 Kudos
Szymon2022
Participant

In the past few days I was searching the proper url and proper payload to login in to system data. And I couldnt find it out.

I realised that I need to be login in to the system data first but do not know how to do it. 

 

payload = {
    "user": "admin",
    "password": "xxx",
    "domain":{"name" : "System Data"}
      }
 
Maybe url is not appropriate?
 
callback:
 
{
"code" : "generic_err_invalid_syntax",
"message" : "Login request message processing failed"
}
 
Any suggestions about URL and payload?
 
0 Kudos
Jim_Oqvist
Employee
Employee

Hi Szymon2022,  

There is an example in the API reference guide under the "login" API endpoint

https://sc1.checkpoint.com/documents/latest/APIs/index.html#web/login~v1.9%20 > example > "login to domain".

just change the value "domain name" to "System Data"

Request

POST {{server}}/login
Content-Type: application/json

{
  "user" : "aa",
  "password" : "aaaa",
  "domain" : "Domain Name"
}
(1)
Szymon2022
Participant

Thank you for your suggestion. That was it. 

Below the correct query simple example:

 


payload = {
    "user": "admin",
    "password": "xxxx",
    "domain":"System Data"
      }
 
headers = {'Content-Type' : 'application/json'}
response = requests.post(url,data=json.dumps(payload), headers=headers, verify=False)

if response.status_code ==200:
    sid = response.json()["sid"]
    print("Done:",sid)
    print(response.text)
else:
    print("Error")
    print(response.text)
 
payload_user = {
    "name": "test123",
    "authentication-method":"tacacs",
    "tacacs-server":"TACACS-test",
    "permissions-profile":"Read Only All",
}

headers2 = {'Content-Type' : 'application/json', "X-chkp-sid": sid}
response = session.post(url3, json=payload_user, headers=headers2, verify=False)

if response.status_code !=200:
    print("Error during adding adm.")
    print(response.text)
else:
    print("Adm has been added")
    print(response.text)
 
Then publish and logout.
 
 
Thank You everybody for your support. I spent a lot of time to find the solution. I was close :). 
Best regards!!
 
0 Kudos
Bob_Zimmerman
Mentor
Mentor

Domain should be a string, not an object. It should contain either the name or the UUID of the domain.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events