Is there a secure way to generate XML API tokens?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Is there a secure way to generate XML API tokens?

L0 Member

I've been trawling Google for a while now trying to find an alternate way to generate the XML API token. However there only seems to be one method to do so.

Maybe I'm a little paranoid, but it seems really insecure to send your admin username and password in plaintext to the firewall to generate an API token. In a world where network security is paramount for a modern business, it seems like a glaring oversight to force users to only be able to generate an API token in this manner. It would be great if there was another method to generate the token in a way that doesn't require you to do so.

 

Am I alone in feeling this way? Has anyone else found a way around this? Your thoughtful responses are appreciated.

1 ACCEPTED SOLUTION

Accepted Solutions

L4 Transporter

Hello @StefanLoeve 

How about applying a SSL certificate on the management interface of the firewall? That given, the credentials are no longer flying in plaintext over the wire.

View solution in original post

2 REPLIES 2

L4 Transporter

Hello @StefanLoeve 

How about applying a SSL certificate on the management interface of the firewall? That given, the credentials are no longer flying in plaintext over the wire.

Hello Jeorg.

I have already applied an SSL certificate to the webUI. Thanks for pointing me in that direction. I hadn't properly understood that the hostname is the only part that isn't encrypted when connecting using HTTPS. Thanks for the quick response!

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!