RESTful API

Enabling and disabling the REST API

To enable REST API on the gateway, run this Gaia Clish command:

set rest-api mode on

To disable REST API on the gateway, run this Gaia Clish command:

set rest-api mode off

Request Structure

HTTP Post

https://<gateway-ip>:<port>/web-api/<command>

The default port number is 4434.

HTTP Headers

Header	Description
`Content-Type`	application/json
`x-chkp-sid`	Session ID token as returned by the login command. `The x-chkp-sid` header is mandatory in all API calls except the login API.

Header

Description

Content-Type

application/json

x-chkp-sid

Session ID token as returned by the login command.

The x-chkp-sid header is mandatory in all API calls except the login API.

Request payload

Text in JSON format containing the different parameters.

Example:

https://192.168.1.1:4434/web-api/login

Response Structure

Returned value on Success:

HTTP status 200 (OK)
A JSON string (content varies depending on which API is called)

Returned value on failure:

HTTP status 500 (Internal Server Error), 400 (Bad Request), or 401 (Unauthorized)
A JSON structure with the error details

Versioning

HTTP Post with a specific version

https://<gateway-ip>:<port>/web-api/<version>/<command>

If no version is being sent, the latest supported version is used.

Example:

https://192.168.1.1:4434/web-api/v1/login

REST API Commands

(1) Login

Description

Log in to the SMB appliance with your SMB admin username and password.
The SMB returns your session unique identifier.
Enter this session unique identifier in the x-chkp-sid header of each request.

Request URL

POST https://<gateway-ip>:<port>/web-api/login

Request Headers

Header Name	Value	Description
`Content-Type`	application/json	Send JSON object to use the API Web Services.

Request Body

Parameter Name	Value	Description
`user` (Required)	String	Administrator username
`Password` (Required)	String	Administrator password

Response

On Success, HTTP Return code: 200

Header Name	Value	Description
`sid`	String	Session unique identifier for the `x-chkp-sid` header of each request.
`role`	String	The administrator role and permissions.
`read-only`	Boolean	True if the session is read only.
`api-server-version`	String	API server version.
`session-timeout`	Integer	Session expiration timeout in minutes.

On Failure, HTTP Return code: 400, 401, 500

Example Request

{

"user": "admin",

"password": "aa"

}

Example Response

{

"sid": "9aa5770044797d7209f8ce9b0ef0fa0",

"role": "ROLE.SUPER",

"read-only": false,

"api-server-version": "v1",

"session-timeout": 10

}

(2) Logout

Description

Log out from the current session. After you log out, the session id is no longer valid.

Request URL

POST https://<gateway-ip>:<port>/web-api/v1/logout

Request Headers

Header Name	Value	Description
`Content-Type`	application/json	Send JSON object to use the API Web Services.
`x-chkp-sid`	string token	Session unique identifier as the response to the login request.

Request Body

There is no request body.

Response

On Success, HTTP Return code: 200

On Failure, HTTP Return code: 400, 401, 500

(3) Generate-Report

Description

Generate security report data according to the selected time frame:

Hourly/Daily/Weekly/Monthly

Request URL

POST https://<gateway-ip>:<port>/web-api/generate-report

Request Headers

Header Name	Value	Description
`Content-Type`	application/json	Send JSON object to use the API Web Services.
`x-chkp-sid`	string token	Session unique identifier as the response to the login request.

Request Body

Header Name	Value	Description
`type` (Required)	String	Report time frame. Allow values: `{hourly, weekly, daily, monthly}`

Header Name

Value

Description

type (Required)

String

Report time frame.

Allow values: {hourly, weekly, daily, monthly}

Response

On Success, HTTP Return code: 200

Header Name	Value	Description
`reportData`	Base64 string	Send data JSON in base64 format.

On Failure, HTTP Return code: 400, 401, 500

Example Request

{

"type": "daily",

}

Example Response

[

{

"reportData": "<report_json_in_base64_format>"

}

]

(4) Run-Clish-Command

Description

Run a single Gaia Clish The default shell of the Gaia CLI command.

Request URL

POST https://<gateway-ip>:<port>/web-api/run-clish-command

Request Headers

Header Name	Value	Description
`Content-Type`	application/json	Send JSON object to use the API Web Services.
`x-chkp-sid`	string token	Session unique identifier as the response to the login request.

Request Body

Header Name	Value	Description
`script` (Required)	String	A single clish command in base64 format.

Response

On Success, HTTP Return code: 200

Header Name	Value	Description
`output`	String	Clish command output in base64 format.

On Failure, HTTP Return code: 400, 401, 500

Example Request

{

"script": " c2hvdyBwcm94eQ=="

}

Example Response

{

"output": "dXNlLXByb3h5OiAgICAgICAgICAgICAgICAgICAgdHJ1ZQpzZXJ2ZXI6IC

AgICAgICAgICAgICAgICAgICAgICAxLjEuMS4xCnBvcnQ6ICAgICAgICAgICAgICAgICAgICAg

ICAgIDgwODAKCg=="

}

The script is:

show proxy

The output is:

use-proxy: true server: proxy.checkpoint.com port: 8080