About the FMC REST API

The FMC REST API provides a lightweight API to manage a FMC.

About the FMC REST API

With the release of FMC REST API, you now have light-weight, easy-to-use option for managing FTD and legacy devices through a FMC.

The REST API is an application programming interface (API), based on “RESTful” principles, which you can quickly enable on any FMC running version 6.1 or higher, and use with a REST client.

After installing a REST client, you can contact the specific FMC's REST agent and use standard HTTP methods to access current configuration information, and issue additional configuration parameters.

Enabling the REST API

In FMC, the REST API is enabled by default. However, if you are intending to use the REST API, you should confirm that it is enabled.


Note

If you are using UCAPL mode, check that the REST API is not enabled.

Procedure


Step 1

Navigate to System>Configuration>REST API Preferences>Enable REST API

Step 2

Check the "Enable REST API" checkbox.

Step 3

Click "Save". A "Save Successful" dialog will display when the REST API is enabled.


Best Practices

Cisco recommends the following best practices for optimal results with the REST API:

  • Keep UI users and script users separate. Especially do not use the admin account as an API user.

  • Do not give script users more privilege than needed.

  • Always validate the content coming from the server.

  • Validate/sanitize JSON content, as it may include embedded executable code.

  • If you are using CC or UCAPL mode you should disable REST API access to the FMC and managed devices.