This article explains how to generate an API key for the read-only and for the write Cato APIs.
The API Keys Management screen lets you generate API keys in the Cato Management Application that are used to authenticate to the Cato API server. Enter the API key for an API client (such as Postman or Altair) or for scripts to run API calls for authentication to Cato.
Cato supports two types of API calls:
-
View permissions - Perform read-only API calls to retrieve data for your account
-
Edit permissions - Perform write API calls to make changes to your account
Make sure that you copy the API key from the pop-up window. Once you close the pop-up window, you can't access the key again.
The API Keys Management screen shows you the API keys for your account. You can use this screen to generate and revoke API keys. The Name for the API key is only used to identify each key and isn't used as part of the authentication process.
Generate the key for the Cato API and then paste it in the API client or script.
To generate an API key:
-
In the navigation menu, click Administration > API Management.
-
On the API Keys tab, click New. The Create API Key panel opens.
-
Enter a Key Name.
-
Select the API Permission for this key.
-
(Optional) Select a date that the API key Expires at.
For API keys with Edit permissions, we recommend setting a date that the API key will Expire at.
-
(Optional) For additional security, in Allow access from IPs, select Specific IP list, and define the IP addresses that are allowed to use this API key.
The default setting is to allow this API key for Any IP address.
-
Click Apply. The API key is added and a popup window containing the new API key is displayed.
-
Click (Copy) and copy the API Key that is generated by the Cato Management Application and save it to a secure location.
Once you close this window, you can't access the value for the API key.
-
Click OK to close the pop-up window.
You can revoke the API key and remove it from the Cato Management Application. Once revoked, the key can't be used to authenticate to the API server.
4 comments
Added information about API keys for the Cato Configuration API.
It would be better if we could configure IPs using specific Subnet in “Allow access from IPs”
Is it not possible at this time to add a range / subnet of IP's to whitelist for those cloud applications?
nazmul.hossain and Rafael Escobar excellent suggestions. Currently you can only define single IPs, but I let Product Management know about the recommended enhancement. Thanks!
Please sign in to leave a comment.