General configuration tab

The REST API is not enabled by default, and only the SNS firewall's super administrator (admin account) can enable it.

Authentication over the REST API is secured by API keys that administrators generate. These keys have read/write or read-only privileges as well as a validity period that can be configured.

All operations performed via the REST API are recorded in audit logs.

To make it easier to use this API, OpenAPI documentation is available on the firewall through the address https://<@SNS firewall IP>/docs/papi/v1 or via the link shown in the firewall's web interface.

Documentation can also be found on Stormshield's Technical Documentation website.

Enabling the SNS REST API

Enabling the REST API

Set the cursor to ON to enable the REST API.

Communication

Server certificate

Select the certificate presented by the firewall when accessing the REST API.

The certificate selected by default is the firewall's self-generated certificate (SNS-WebServer-default-authority) for access to the firewall web administration interface.

Port

Select the port to access the firewall's REST API.

The default port is the https object.

Key lifetimes

Minimum lifetime (in days)

Set the minimum lifetime suggested by default to administrators when they create an API key (30 days by default).

The lifetime of an API key generated by an administrator cannot be below this value.

Maximum lifetime (in days)

Set the maximum lifetime suggested by default to administrators when they create an API key (365 days by default).

The lifetime of an API key generated by an administrator cannot be above this value.

Logs

Log authentication failures

Select this checkbox to enable the generation of all logs relating to errors encountered during authentication for API use.

These logs are written to the dedicated "l_restapi" log file.

Log all routes:

Select this checkbox to enable the generation of logs relating to all routes used on the REST API.

These logs are written to the dedicated "l_restapi" log file.