Enable API Access

WatchGuard provides public RESTful APIs you can use for integration with WatchGuard products and services. To use a WatchGuard API, you must enable RESTful API access in WatchGuard Cloud.

For more detailed information, see the WatchGuard API Help.

Enable API Access

When you enable API access, you establish credentials for read-write and read-only API requests and generate an API key, which identifies your account in requests that you make to WatchGuard APIs. WatchGuard Cloud supports API access for both Service Provider and Subscriber accounts.

To enable API access, you must have the Owner or Administrator operator role.

To enable API access:

  1. Log in to your WatchGuard Cloud account.
  2. If you are a Service Provider, go to Subscriber view for your own account or a managed account.
  3. Select Administration > Managed Access.

  4. Click Enable API Access.

  5. Specify the readwrite and readonly passwords to use as your API access credentials. Passwords must include an uppercase letter, a lowercase letter, a number, and a special character.

    The readwrite password and the readonly password must be different.

  6. Click Save.

    Screen shot of RESTful API Access enabled

After you enable API access, you see this information:

  • Access ID (Read-write) — Specify this ID and the read-write password as the credentials in an API request to generate an API access token that allows read-write access.
  • Access ID (Read-only) — Specify this ID and the read-only password as the credentials in an API request to generate an API access token that allows read-only access.
  • Authentication API URL — To generate an access token, send a request to URL of this WatchGuard Authentication API endpoint.
  • API URL (base) — The base URL for WatchGuard public API requests.
  • API Key — Specify this as the value of the X-API-Key header parameter in all requests to WatchGuard public APIs.

The Authentication API URL and API URL (base) depend on your WatchGuard Cloud account data storage region.

WatchGuard public APIs use token-based authentication. In each request to a WatchGuard API you specify an API key, which identifies your account, and an access token, which authorizes API access for a period of time. To get an access token, you send a request to the WatchGuard Authentication API. The access token request must include the base64 encoded read-write API credentials for your account.

For more information about how to make API requests, see the WatchGuard API Help.

Change Your API Passwords

To change the API passwords for the API Access IDs:

  1. In your WatchGuard Cloud subscriber account, select Administration > Managed Access.
  2. Click Change Passwords.

    Screen shot of the Change Passwords page.

  3. Specify new readwrite and readonly passwords.
  4. Click Change Passwords.

Revoke API Access

To revoke API access for your WatchGuard Cloud account:

  1. Log in to your WatchGuard Cloud account.
  2. If you are a Service Provider, go to the Subscriber view for your own account or a managed account.
  3. Select Administration > Managed Access.
  4. Click Revoke Access.

    Screen shot of RESTful API Access enabled

See Also

WatchGuard API Help

Configure MFA for a RESTful API Client