Configuring RESTful
About RESTful
The device provides the Representational State Transfer application programming interface (RESTful API). Based on this API, you can use programming languages such as Python, Ruby, or Java to write programs to perform the following tasks:
· Send RESTful requests to the device to pass authentication.
· Use RESTful API operations to configure and manage the device. RESTful API operations include Get, Put, Post, and Delete.
The device supports using HTTP or HTTPS to transfer RESTful packets.
FIPS compliance
The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide.
RESTful over HTTP is not supported in FIPS mode.
Configuring RESTful over HTTP
1. Enter system view.
system-view
2. (Optional.) Specify the service port number for RESTful access over HTTP.
restful http port port-number
By default, the service port number for RESTful access over HTTP is 80.
3. Enable RESTful over HTTP.
restful http enable
By default, RESTful over HTTP is disabled.
4. Create a local user and enter local user view.
local-user user-name [ class manage ]
5. Configure a password for the local user.
password [ { hash | simple } password ]
6. (Optional.) Assign a user role to the local user.
authorization-attribute user-role user-role
The default user role is network-operator for a RESTful user.
7. Specify the HTTP service for the local user.
service-type http
By default, no service type is specified for a local user.
Configuring RESTful over HTTPS
Restrictions and guidelines
RESTful access over HTTPS supports the following authentication modes:
· Username+password—A RESTful client must log in to the device by entering a valid username and password on the login page.
· Digital certificate—A RESTful client automatically logs in to the device after its certificate authentication passes. In this authentication mode, the device obtains the common name (CN) from the certificate and uses it as the username. If the username already exists on the device (added by using the local-user command), the client is allowed to log in.
When you specify the certificate authentication mode, you must perform the following tasks:
· Configure a PKI domain and import the RESTful client's certificate to the PKI domain by using the pki import command. For more information about PKI, see Security Configuration Guide.
· Configure an SSL server policy:
   ◦ Specify the PKI domain used by the policy by using the pki-domain command.
   ◦ Enable digital certificate-based authentication for SSL clients by using the client-verify enable command.
· Apply the SSL server policy to the RESTful access over HTTPS service by using the restful https ssl-server-policy command.
Procedure
1. Enter system view.
system-view
2. (Optional.) Apply an SSL server policy to the RESTful access over HTTPS service.
restful https ssl-server-policy policy-name
By default, no SSL server policy is applied to the RESTful access over HTTPS service.
The RESTful access over HTTPS service will use the SSL server policy to enhance service security. For more information about SSL server policies, see SSL configuration in Security Configuration Guide.
3. (Optional.) Specify the service port number for RESTful access over HTTPS.
restful https port port-number
By default, the service port number for RESTful access over HTTPS is 443.
4. Enable RESTful over HTTPS.
restful https enable
By default, RESTful over HTTPS is disabled.
5. (Optional.) Specify the certificate authentication mode for RESTful access over HTTPS.
restful https authentication-mode certificate
By default, the authentication mode for RESTful access over HTTPS is username+password.
6. Create a local user and enter local user view.
local-user user-name [ class manage ]
7. Configure a password for the local user.
In non-FIPS mode:
password [ { hash | simple } password ]
In FIPS mode:
password
Skip this step if you specify the certificate authentication mode for RESTful access over HTTPS.
8. (Optional.) Assign a user role to the local user.
authorization-attribute user-role user-role
The default user role is network-operator for a RESTful user.
9. Specify the HTTPS service for the local user.
service-type https
By default, no service type is specified for a local user.
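An added example, not part of the original guide or vendor code: a Python audit that scans a command script written with the command forms from this guide and flags the RESTful settings that leave the service weak. The function name, finding codes, user names, and sample script are constructed for illustration, and the input is assumed to be a plain-text list of commands.

```python
# Constructed sample script using the command forms shown in this guide.
SAMPLE_CONFIG = """\
system-view
restful http enable
restful https enable
restful https authentication-mode certificate
local-user restadmin class manage
 password simple Example-Pass-1
 authorization-attribute user-role network-admin
 service-type http
local-user restcert class manage
 service-type https
"""

def audit_restful(config):
    """Hypothetical helper: return (code, detail) findings for RESTful settings."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    findings = []
    # An SSL server policy is applied only if this command appears with a policy name.
    has_policy = any(ln.startswith("restful https ssl-server-policy ") for ln in lines)
    if "restful http enable" in lines:
        findings.append(("restful-http-enabled",
                         "RESTful over HTTP is on; logins and requests are sent unencrypted"))
    if "restful https enable" in lines and not has_policy:
        findings.append(("https-no-ssl-policy",
                         "HTTPS enabled but no SSL server policy is applied (the default)"))
    if "restful https authentication-mode certificate" in lines and not has_policy:
        findings.append(("cert-mode-no-ssl-policy",
                         "certificate mode needs an SSL server policy with client-verify enable"))
    user = None
    for ln in lines:
        tokens = ln.split()
        if tokens[0] == "local-user" and len(tokens) > 1:
            user = tokens[1]  # entering local user view
        elif user and tokens[:2] == ["password", "simple"]:
            findings.append(("plaintext-password",
                             f"user {user}: password is in clear text in the script"))
        elif user and tokens[0] == "service-type" and "http" in tokens[1:]:
            findings.append(("http-service-user",
                             f"user {user}: allowed to log in over HTTP"))
    return findings

if __name__ == "__main__":
    for code, detail in audit_restful(SAMPLE_CONFIG):
        print(f"{code}: {detail}")
```

A script that applies an SSL server policy, enables only RESTful over HTTPS, and gives users service-type https with a hashed password produces no findings.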
