✓ Solved

API Tokens for Read/Write the firewall rules

I want to consult my firewall rules via the API tokens and be able to change them in the future.
Consulting only works if I select all items in Read/Write when creating the token. There is no item named 'Network' or 'Firewalls'. If I select all items in Read Only, I cannot consult and I get the reason: "Your OAuth token is not authorized to use this endpoint.".

This is the command that I used :
$ TOKEN=mytokenstring
$ curl -H "Authorization: Bearer $TOKEN" \
https://api.linode.com/v4/networking/firewalls \
| json_pp

I have not yet tried changing the firewall rules.

My question: how do I properly create an API Token to consult the firewall rules, and how do I create an API Token to modify them?

Thanks in advance for your help.

Kristoffel

1 Reply

Linode Staff

✓ Best Answer

Hi there,

I suspect you may have already found the answer to your question -- with that said, I do think the community at large would benefit from an answer to this situation:

If I select all items in Read Only, I cannot consult and I get the reason: "Your OAuth token is not authorized to use this endpoint.".

A read_only API token cannot view firewalls through our API endpoint: https://api.linode.com/v4/networking/firewalls

Consulting only works if I select all items in Read/Write when creating the token. There is no item named 'Network' or 'Firewalls'.

There is not currently an entry for the Firewall scope in the API Tokens - View Scopes drawer. Our development team is aware of this behavior. At this time, we don't have information available regarding implementation of this functionality.

Moving forward our Changelog will be a good resource for any details regarding updates made to our Cloud Manager and API:


My question: how do I properly create an API Token to consult the firewall rules, and how do I create an API Token to modify them?

You can view firewall information if it is assigned to a Linode via the API endpoint:
https://api.linode.com/v4/linode/instances/{linodeId}/firewalls

The following endpoint only requires linodes:read_only access, which you can set through the Cloud Manager when creating a token:


Alternatively, you can create an API token with specific access for firewalls via the following API command (where $TOKEN is an already existing token with full access):

curl -H "Content-Type: application/json" \

-H "Authorization: Bearer $TOKEN" \

-X POST -d '{

  "scopes": "firewall:read_write",

  "label": "firewall-read_write"

}' \

https://api.linode.com/v4/profile/tokens | json_pp

You would just change the scopes part of that command to read_only for read only access to firewalls (along with any relevant label you want to use).

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct