Managing Security through API

This section describes the API Server on a Management ServerClosed Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server. and the applicable API Tools.

API

You can configure and control the Management Server through API Requests you send to the API Server that runs on the Management Server.

The API Server runs scripts that automate daily tasks and integrate the Check Point solutions with third party systems, such as virtualization servers, ticketing systems, and change management systems.

To learn more about the management APIs, to see code samples, and to take advantage of user forums, see:

API Tools

You can use these tools to work with the API Server on the Management Server:

Configuring the API Server

To configure the API Server:

  1. Connect with SmartConsole to the Security Management ServerClosed Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server. or applicable Domain Management Server.

  2. From the left navigation panel, click Manage & Settings.

  3. In the upper left section, click Blades.

  4. In the Management API section, click Advanced Settings.

    The Management API Settings window opens.

  5. Configure the Startup Settings and the Access Settings.

  6. Click OK.

  7. In the upper left section, click Permissions & Administrators.
  8. In the object of each applicable Administrator, make sure the assigned Permission ProfileClosed Predefined group of SmartConsole access permissions assigned to Domains and administrators. With this feature you can configure complex permissions for many administrators with one definition. allows access to Management API.

  9. Publish the SmartConsole session.

  10. Restart the API Server on the Management Server with this command:

    api restart

    Notes:

  11. Examine the status of the API server on the Management Server with this command:

    api status

    Notes:

    • The output of this command must show:

      --------------------------------------------
      Overall API Status: Started
      --------------------------------------------
      
      API readiness test SUCCESSFUL. The server is up and ready to receive connections
    • The output this command may show the state of the "API" process as "Stopped" when the API access is set to "All IP addresses that can be used for GUI clients", and more than 200 Trusted Clients are configured:

      Processes:
      
      Name      State     PID       More Information
      -------------------------------------------------
      API       Stopped   ...