Dear Users,
This is to inform you about an upcoming change in the Zero Touch API login procedure. To enhance security and align with Check Point's unified authentication system (login.checkpoint.com) and MFA (Multi-factor authentication) requirements, we are introducing a new API authentication method based on an API Client ID and an API Key.
Motivation:
The previous login method based on the username and password is being deprecated due to security concerns related to MFA support for Zero Touch. This change ensures a more secure experience for all users.
Important:
The previous login method based on the username and password will be deprecated on 18 March 2025. Please update your environments to use the new API authentication method to avoid disruptions.
New workflow:
- Log in to the Zero Touch web portal.
This login now enforces the same MFA as Check Point User Center.
- In the top right corner, click the gear wheel icon and click "Manage API Keys".
- Generate a pair of an API Client ID and an API Key.
Configure the API key's validity period between 1 and 180 days (default is 90 days).
Warning - This window shows the API key only one time. Copy it immediately and save it in a safe location.
Note - Each user can generate only one pair.
- Start an API session to get the session ID.
Send a REST API request to this URL: https://zerotouch.checkpoint.com/ZeroTouch/web_api/v2/login
with the following JSON payload:
{
"api-client-id":"YOUR_API_CLIENT_ID",
"api-key":"YOUR_API_KEY"
}
- The Zero Touch API service response contains the "sid" key with the Session ID.
{
...
"sid": "YOUR_SESSION_ID"
...
}
You must use the value of this "sid" key as the value of the "X-chkp-sid" key in all subsequent Zero Touch API requests.
Refer to these documents:
If you have any questions or require assistance, please don't hesitate to contact us.
Sincerely,
Zero Touch development team
