With Sentry v8.3 and later, there is a Sentry REST API that can be used to create, edit, view, and delete Sentry policies. For some policies this includes the ability to import, export, and transfer policies (FSG files).
Administrators who wish to schedule Sentry changes and/or integrate Sentry changes into an automated process, the REST API can be very useful. New options for the REST API are being added often, if you do not see the functionality you require please contact Forum Systems Support by opening a new ticket.
This article will serve as a quick introduction to the REST API. Full documentation can be found in the attached user guide. Additionally, more information including specific examples of the REST API requests and responses can be found on the REST API Help page built into the REST API service (see below).
Follow the steps outlined below to enable the REST API:
- Gateway-->Network Policies: Create a network listener that is used for connecting to the Sentry REST API. No authentication is required on the listener policy. You can use an existing listener if you want.
- Access-->User Policies: Create a new User Group and add your admin user account to the group.
- Access-->Runtime Access: Create a new User ACL and give your User Group execute privileges.
- Access-->Admin Access: Go to the Default domain and give the User ACL from step 3 read and write privileges.
- System-->Configuration-->REST API: Enable it, select the listener from step 1, leave the default domain and unrestricted IP ACL.
Note that additional security (recommended) around the REST API interface can be enabled in the following ways:
- Set the network listener to use HTTPS, with or without SSL Mutual Authentication
- Set an IP ACL on the network listener
- Set an IP ACL on the REST API configuration screen
- Specify a Domain on the REST API configuration screen that limits which admin user groups are allowed to access the REST API
Testing and Invoking the REST API
The REST API has a built in help page that lists the operations available, includes samples, and allows testing of the API. To access the Help page:
- Access the REST API help page via browser at: https://ip_and_port_from_listener/restApi/v1.0
- You'll be prompted for your admin credentials, after submitting the correct credentials the page will come up with all the info you'll need to get started
- Use the Submit feature to test the operations