Enabling and managing SMC's public API

SMC has a standard REST API with which your SMC servers can be used and queried through your own orchestration tools.

All SMC features are not yet available in the public API. It will be enriched as new versions are released.

The public API is not enabled by default. Only the SMC super administrator can enable it.

Authentication over the public API is secured by API keys that administrators generate. These keys have read/write or read-only privileges as well as a validity period that can be configured.

All operations performed via the public API are recorded in audit logs.

To make it easier to use the API, OpenAPI documentation is available on the SMC server through the address https://<@SMCIP>/docs/papi or via the link shown in the SMC web interface.

Documentation can also be found on Stormshield's Technical Documentation website.

In case of intensive use of the API, i.e., several write requests within a few seconds, while other users are using the administration web interface at the same time, the performance of SMC may be impacted. Some requests may fail.
Likewise, if you plan a regular intensive use, we recommend that you disable configuration consistency checking to avoid impacting SMC performance. For more information, see the section Verifying configuration consistency.