token - Firepower Threat Defense API v6.2 (FTD v7.2)

Description

The token operation handles configuration related to TokenPayloadUnion model.

HTTP request

POST /api/fdm/v6/fdm/token

Data Parameters

Parameter	Required	Type	Description
grant_type	True	string	An enum value that indicates the type of request. password - to obtain an access token and a refresh token using a username and password. refresh_token - to get a new pair of access token and refresh token using a refresh token that was obtained in a previous request. revoke_token - to revoke an existing access token. custom_token - to obtain an access token and a refresh token using custom options. You must already have a password-granted token.
access_token	False	string	For a custom or revoke_token grant_type, a valid password-granted access token. You cannot revoke a token using a custom access token.
desired_expires_in	False	integer	For a custom grant_type, an integer representing the number of seconds for which the custom access token will be valid. In comparison, the password-granted tokens are valid for 1800 seconds (30 minutes). The maximum value is 31536000, which is equivalent to 365 days.
desired_refresh_expires_in	False	integer	For a custom grant_type, an integer representing the number of seconds for which the custom refresh token will be valid. If you obtain a refresh token, ensure that this value is larger than the desired_expires_in value. In comparison, the password-granted refresh tokens are valid for 2400 seconds (40 minutes). The maximum value is 34128000, which is the equivalent of 395 days. This parameter is not required if you specify 0 for desired_refresh_count.
desired_subject	False	string	For a custom grant_type, a name you give to the custom token.
desired_refresh_count	False	integer	For a custom grant_type, the number of times you want to be able to refresh the token. Specify 0 if you do not want to get a refresh token. When you do not have a refresh token, you must obtain a new access token when the existing one expires.
refresh_token	False	string	For a refresh_token grant_type, the refresh token from a password-granted or custom access token.
token_to_revoke	False	string	For a revoke_token grant_type, a password-granted token or custom-granted token that you want to revoke. This can be the same token as access_token, so you can use a password-granted token to revoke itself. You must specify one, and only one, of token_to_revoke or custom_token_subject_to_revoke.
custom_token_id_to_revoke	False	string	(Do not use.) This identifies custom acess token by its internal unique ID. However, there is no direct way for you to obtain this value. Use the other options instead.
custom_token_subject_to_revoke	False	string	For a revoke_token grant_type when used to revoke a custom token, the desired_subject value for the custom access token that you want to revoke. You can specify one, and only one, of token_to_revoke or custom_token_subject_to_revoke when revoking a token.
username	False	string	For a password grant_type request, the username of the user that is requesting the grant.
password	False	string	For a password grant_type, the password for the user specified in username.

Example

curl -X POST \
    --header "Accept: application/json" \
    --header "Authorization: Bearer ${ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    -d '{
        "access_token": "string",
        "custom_token_id_to_revoke": "string",
        "custom_token_subject_to_revoke": "string",
        "desired_expires_in": 0,
        "desired_refresh_count": 0,
        "desired_refresh_expires_in": 0,
        "desired_subject": "string",
        "grant_type": "string",
        "password": "string",
        "refresh_token": "string",
        "token_to_revoke": "string",
        "username": "string"
    }' \
    "https://${HOST}:${PORT}/api/fdm/v6/fdm/token"

from bravado.requests_client import RequestsClient
from bravado.client import SwaggerClient


def get_client(host, token):
    http_client = RequestsClient()
    http_client.ssl_verify = False
    http_client.set_api_key(
        host,
        "Bearer {}".format(token),
        param_name="Authorization",
        param_in="header"
    )
    return SwaggerClient.from_url(
        "https://{}/apispec/ngfw.json".format(host),
        http_client=http_client,
        config={
            "validate_responses": False,
            "validate_swagger_spec": False
        }
    )


def token(client, body):
    return client.Token.token(
        body=body
    ).response().result


if __name__ == "__main__":
    host = "ftd.example.com"
    token = "access_token"
    client = get_client(host, token)

    body = {'access_token': 'string',
 'custom_token_id_to_revoke': 'string',
 'custom_token_subject_to_revoke': 'string',
 'desired_expires_in': 0,
 'desired_refresh_count': 0,
 'desired_refresh_expires_in': 0,
 'desired_subject': 'string',
 'grant_type': 'string',
 'password': 'string',
 'refresh_token': 'string',
 'token_to_revoke': 'string',
 'username': 'string'}

    token(client, body)