Firepower Threat Defense (FTD)
Introduction
Access to the FTD REST API is mediated by OAUTH tokens. A username and password is initially provided in a REST API request, and the FTD device returns a token string that can be used for other REST API requests for a given period of time. REST API users must obtain an access token before making any other requests, and must include that access token in all HTTP Authorization request headers.
More Information
To learn more about how to work with FTD OAUTH 2.0 access tokens, see Authenticating Your REST API Client using OAUTH.
To Get an Access Token From the FTD Device
Step 1
Send a token POST request to login and obtain an access token.
The value returned in the access_token property is the access token. Include this value in subsequent FTD API requests in the Authorization request header, using this format: -H "Authorization: Bearer ACCESS_TOKEN"
BASH_POST
CONTENT_DATA
PYTHON_POST
RESPONSE
Copycurl -H "Accept: application/json" -H "Content-Type: application/json" -d @content_data https://ftd.example/api/fdm/latest/fdm/token
Copy{
"grant_type": "password",
"username": "admin",
"password": "Admin123"
}
Copy'''
Copyright (c) 2019 Cisco and/or its affiliates.
This software is licensed to you under the terms of the Cisco Sample
Code License, Version 1.1 (the "License"). A copy of the License
can be found in the LICENSE.TXT file of this software or at
https://developer.cisco.com/site/license/cisco-sample-code-license/
All use of the material herein must be in accordance with the terms of
the License. All rights not expressly granted by the License are
reserved. Unless required by applicable law or agreed to separately in
writing, software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
express or implied.
'''
import requests
def get_access_token(host, port, user, passwd):
"""
Requires Python 3.0 or greater and requests lib.
Login to FTD device and obtain an access token. The access token is required so that the user can
connect to the device to send REST API requests.
:param host: ftd host address
:param port: ftd port
:param user: login user name
:param passwd: login password
:return: OAUTH access token
"""
access_token = None
requests.packages.urllib3.disable_warnings()
payload = '{{"grant_type": "password", "username": "{}", "password": "{}"}}'.format(user, passwd)
auth_headers = {"Content-Type": "application/json", "Accept": "application/json"}
try:
response = requests.post("https://{}:{}/api/fdm/latest/fdm/token".format(host, port),
data=payload, verify=False, headers=auth_headers)
if response.status_code == 200:
access_token = response.json().get('access_token')
print("Login successful, access_token obtained")
except Exception as e:
print("Unable to POST access token request: {}".format(str(e)))
return access_token
def main():
access_token = get_access_token('ftd.example', '443', 'admin', 'Admin123')
if __name__ == '__main__':
main()
Copy{
"access_token":"eyJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE1NzAyMTAwOTcsInN1YiI6ImFkbWluIiwianRpIjoiNWEyYTc2ZWItZTZjYy0xMWU5LTg4ZjYtZjFmMjk4NzkxYzBiIiwibmJmIjoxNTcwMjEwMDk3LCJleHAiOjE1NzAyMTE4OTcsInJlZnJlc2hUb2tlbkV4cGlyZXNBdCI6MTU3MDIxMjQ5NzE5NiwidG9rZW5UeXBlIjoiSldUX0FjY2VzcyIsInVzZXJVdWlkIjoiNmY0ODMzZTAtZDY2My0xMWU5LWExMmUtMDE1MjViYjZkOWY5IiwidXNlclJvbGUiOiJST0xFX0FETUlOIiwib3JpZ2luIjoicGFzc3dvcmQiLCJ1c2VybmFtZSI6ImFkbWluIn0.vH_Gnb7z47vAjkfsQVE4ms44tQI1uiVhPHQK9dtyMVY",
"expires_in":1800,
"token_type":"Bearer",
"refresh_token":"eyJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE1NzAyMTAwOTcsInN1YiI6ImFkbWluIiwianRpIjoiNWEyYTc2ZWItZTZjYy0xMWU5LTg4ZjYtZjFmMjk4NzkxYzBiIiwibmJmIjoxNTcwMjEwMDk3LCJleHAiOjE1NzAyMTI0OTcsImFjY2Vzc1Rva2VuRXhwaXJlc0F0IjoxNTcwMjExODk3MTk2LCJyZWZyZXNoQ291bnQiOi0xLCJ0b2tlblR5cGUiOiJKV1RfUmVmcmVzaCIsInVzZXJVdWlkIjoiNmY0ODMzZTAtZDY2My0xMWU5LWExMmUtMDE1MjViYjZkOWY5IiwidXNlclJvbGUiOiJST0xFX0FETUlOIiwib3JpZ2luIjoicGFzc3dvcmQiLCJ1c2VybmFtZSI6ImFkbWluIn0.xCTh6kemXFnR6w5kQaFksTnAIeoZKHHKSJzAWq54DuI",
"refresh_expires_in":2400
}