I'd like to know if it's possible to restrict access to the API? (ex: to some IP addresses).
Example: if remote management is allowed from 192.168.0.0/24, is it possible to restrict the API usage to 192.168.0.1 by example?
Is it an option to dedicate a specific IP address to the answer to API requests?
What are the best practices to prevent an API key to be used by another host to access the firewall?
in the Management Interface Settings you can control which IP addresses or subnets are permitted to connect to the firewall interface.
you can then prevent individual administrator accounts from accessing the API by creating an admin role
(so the best practice here is to not share your API key, as this is linked to your account and grants access to the API)
and then create new admins with that role
any interface that has management features enabled (mgmt interface or dataplane interface with management profile) will also respond to API if the IP is permitted to connect to any management feature
hope this helps
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!