Set up your environment to use the REST API

Perform the following tasks to prepare your environment for developing with the REST API:

  1. Download the Deep Security Web Services SDK
  2. Enable the Status Monitoring API (Optional)
  3. Create a user account that a REST API client can use
  4. Trust the Deep Security Manager's SSL certificate, if required

Download the Web Services SDK

Download the Web Services SDK ZIP file and extract it: Deep Security Web Service SDK

The ZIP file contains REST API documentation, a Java client library that helps with developing Java client applications, and samples that use the library. If you use a different language, or you use Java and want to use your own REST client technology, use the REST API reference documentation to learn the syntax for API calls. For each operation, the reference provides the HTTP syntax including the HTTP path and operation (GET, PUT, etc.), and a description of the structure of the data passed to or from the API call.

See the ZIP's readme file for a complete list of contents and other important information.

Enable the Status Monitoring API (optional)

Most functions of the REST API are available after Deep Security Manager has been installed and started. They do not require any additional configuration. However, there is an exception: if you want to use status monitoring, you must enable it first. The status monitoring API is disabled by default as it does not require authentication.

  1. In Deep Security Manager, go to Administration > System Settings > Advanced.
  2. In the Status Monitoring API section, select Enabled, then click Save.

Create a Web Service role and user

Create a role that has permissions to access the Deep Security web services API endpoints (both SOAP and REST) and any other features that you want to use with the REST API. For security reasons, you should create a role and a user specifically for your API calls.

The REST API enforces all role access controls, such as computer rights, security profile rights, and user rights. For example, when you create a role for the Web Service APIs that allows a user to view certain computers, a REST API client that authenticates as that user can view only the specified computers.

  1. In Deep Security Manager, go to Administration > User Management > Roles.
  2. Click New.
  3. Deselect Allow Access to Deep Security Manager User Interface and select Allow Access to Web Service API.
  4. When all other configuration is complete, click Save.
  5. Go to Administration > User Management > Users and click New.
  6. Provide the required properties for the use. For the Role property, select the role that you just created.
  7. Make a note of the new user account username and password.

Trust the Deep Security Manager certificate

All REST API clients must communicate with Deep Security Manager over HTTPS connections, and your clients must trust the certificate that secures the connections.

If the manager's certificate is signed by a trusted certificate authority (CA), you do not need to do anything.

If the manager uses a self-signed certificate, you need to import the certificate into the trusted X.509 certificate store of your REST client implementation. For Java programs, you can use a custom trust store or the default trust store of the JRE. For more information, see "Import self-signed certificates" on the Java SDK page.