topic Re: Is there a secure way to generate XML API tokens? in General Topics

Is there a secure way to generate XML API tokens?

StefanLoeve — Mon, 03 Feb 2020 22:40:47 GMT

I've been trawling Google for a while now trying to find an alternate way to generate the XML API token. However there only seems to be one method to do so.

Maybe I'm a little paranoid, but it seems really insecure to send your admin username and password in plaintext to the firewall to generate an API token. In a world where network security is paramount for a modern business, it seems like a glaring oversight to force users to only be able to generate an API token in this manner. It would be great if there was another method to generate the token in a way that doesn't require you to do so.

Am I alone in feeling this way? Has anyone else found a way around this? Your thoughtful responses are appreciated.

Re: Is there a secure way to generate XML API tokens?

JoergSchuetter — Tue, 04 Feb 2020 05:58:19 GMT

Hello @StefanLoeve

How about applying a SSL certificate on the management interface of the firewall? That given, the credentials are no longer flying in plaintext over the wire.

Re: Is there a secure way to generate XML API tokens?

StefanLoeve — Tue, 04 Feb 2020 17:41:22 GMT

Hello Jeorg.

I have already applied an SSL certificate to the webUI. Thanks for pointing me in that direction. I hadn't properly understood that the hostname is the only part that isn't encrypted when connecting using HTTPS. Thanks for the quick response!