Enable API Access

WatchGuard provides public RESTful APIs you can use for integration with WatchGuard products and services. To use a WatchGuard API, you must enable RESTful API access in WatchGuard Cloud.

For more detailed information, see the WatchGuard API Help.

Enable API Access

When you enable API access, you establish credentials for read-write and read-only API requests and generate an API key, which identifies your account in requests that you make to WatchGuard APIs. WatchGuard Cloud supports API access for both Service Provider and Subscriber accounts. For information on WatchGuard public API usage statistics for your account, see See API Usage.

To enable API access, you must have the Owner or Administrator operator role.

To enable API access:

  1. Log in to WatchGuard Cloud.
    If you are a Service Provider, from Account Manager, select My Account or a managed account.
  2. Select Administration > Managed Access.

  3. Click Enable API Access.

  4. Specify the readwrite and readonly passwords to use as your API access credentials. Passwords must include an uppercase letter, a lowercase letter, a number, and a special character.

    The readwrite password and the readonly password must be different.

  5. Select the I agree to the terms and conditions in the WatchGuard APIs License Agreement check box.
    You can click View the WatchGuard APIs License Agreement to review the details of the agreement.
  6. Click Save.

After you enable API access, you see this information:

  • Access ID (Read-write) — Specify this ID and the read-write password as the credentials in an API request to generate an API access token that allows read-write access.
  • Access ID (Read-only) — Specify this ID and the read-only password as the credentials in an API request to generate an API access token that allows read-only access.
  • Authentication API URL — To generate an access token, send a request to URL of this WatchGuard Authentication API endpoint.
  • API URL (base) — The base URL for WatchGuard public API requests.
  • API Key — Specify this as the value of the X-API-Key header parameter in all requests to WatchGuard public APIs.

The Authentication API URL and API URL (base) depend on your WatchGuard Cloud account data storage region.

WatchGuard public APIs use token-based authentication. In each request to a WatchGuard API you specify an API key, which identifies your account, and an access token, which authorizes API access for a period of time. To get an access token, you send a request to the WatchGuard Authentication API. The access token request must include the base64 encoded read-write API credentials for your account.

For more information about how to make API requests, see the WatchGuard API Help. For information on WatchGuard public API usage statistics for your account, see See API Usage.

Change Your API Passwords

To change the API passwords for the API Access IDs:

  1. In your WatchGuard Cloud Subscriber account, select Administration > Managed Access.
    If you are a Service Provider, from Account Manager, select My Account. 

Screen shot of RESTful API Access enabled

  1. Click Change Passwords.

    Screen shot of the Change Passwords page.

  2. Specify new readwrite and readonly passwords.
  3. Select the I agree to the terms and conditions in the WatchGuard APIs License Agreement check box.
    You can click View the WatchGuard APIs License Agreement to review the details of the agreement.
  4. Click Change Passwords.

Revoke API Access

To revoke API access for your WatchGuard Cloud account:

  1. Log in to your WatchGuard Cloud account.
    If you are a Service Provider, from Account Manager, select My Account.
  2. Select Administration > Managed Access.
  3. Click Revoke Access.

    Screen shot of RESTful API Access enabled

Related Topics

API Usage Dashboard

WatchGuard API Help

Configure MFA for a RESTful API Client