Skip to main content

API Key Management

Zenarmor provides the Zenarmor API feature, which allows you to create your own integrations between the firewall and other security solutions. It employs API keys to authenticate requests. For API management, Zenconsole (Centralized Cloud Management Portal) allows you to perform the following tasks:

  • Enable/Disable API

  • Generate API key

  • Revoke API key

After you've generated a new API key, you'll need to activate it via CLI on your Zenarmor firewall before you can use it.

caution

Keep in mind that your API keys are extremely powerful, so keep them safe! Do not make your private API keys public on GitHub, in client-side code, or anywhere else.

Generate API Key

To build your own integrations, you can create API keys to access the Zenarmor API. After enabling API on your firewall, you can easily generate API key by following next instructions given below:

  1. Select the firewall on your Zenconsole.

  2. Navigate to Settings > API.

  3. Click +Generate API Key button. This will pop up a dialog box. Generating API Key on Zenconsole

Figure 1. Generating API Key on Zenconsole

  1. Specify a user name, such as developer and click Generate. This will automatically generates an API key and displays it in the API Keys pane. Specifying the User to Generate an API Key on Zenconsole

Figure 2. Specifying the User to Generate an API Key on Zenconsole

  1. After generating the API key you can view the following details on the API Keys pane:
  • User name
  • API key value
  • Key Creation Date
  • Key Expiration Date

Viewing API Keys Details on Zenconsole

Figure 3. Viewing API Keys Details on Zenconsole

Revoke API Key

You can easily revoke an API key by following the next instructions given below:

  1. Select the firewall on your Zenconsole.

  2. Navigate to Settings > API.

  3. Click the Revoke button with a trash box icon in the API key pane which you wish to delete. This will pop up a dialog box.

  4. Click Revoke to confirm the removing API key access from your firewall.

Revoking API Keys on Zenconsole

Figure 4. Revoking API Keys on Zenconsole

Sample API

Zenarmor provides a sample Python script,zenapi.py, for API usage. To be able to run this script successfully, you must activate your API key on your Zenarmor firewall by following the steps below:

  1. Connect your firewall using root privileged user via SSH.

  2. Edit zenapi.py file using your favorite editor to update the following lines at the beginning of the file using your API key details.

# uri of firewall which run api

api_host = 'https://192.168.122.101:8090/'

# please set this username which take from sunnyvalley cloud.

api_user = 'testuser'

# please take api key from cloud

api_key = 'uBHElPyuMjWy74f1HeArB1rtMf5krICmlVbVSNGRbdI'
info

On the OPNsense firewall, it can be found at: /usr/local/sensei/zenarmor-agent/scripts/.

If you're using a different platform, look for the file at: /usr/local/zenarmor/zenarmor-agent/scripts/.

  1. Set the api_host parameter using your firewall IP address.

  2. Set the api_user parameter using API key username which was specified during key generation.

  3. Set the api_key parameter using API key value which can be viewed on Zenconsole.

Here is the hands on video for Zenarmor API Management on Zenconsole: