Example: Configuring the REST API
This example demonstrates how to configure the REST API on a Junos OS device.
Requirements
A routing, switching, or security device running Junos OS Release 14.2 or later is required.
Overview
This example configures the REST API on a Juniper Networks M10i Multiservice Edge Router. The example configures both HTTP and HTTPS access, with both lighttpd and juise tracing.
Configuration
CLI Quick Configuration
To quickly configure this example, copy the following commands, paste them in a text file, remove any line breaks, change any details necessary to match your network configuration, copy and paste the commands into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode.
set system services rest control allowed-sources [192.0.2.0 198.51.100.0]
set system services rest control connection-limit 100
set system services rest http port 3000
set system services rest http addresses [203.0.113.0 203.0.113.1]
set system services rest https port 3443
set system services rest https addresses [203.0.113.2 203.0.113.3]
set system services rest https server-certificate testcert
set system services rest https cipher-list rsa-with-3des-ede-cbc-sha
set system services rest https mutual-authentication certificate-authority testca
set system services rest traceoptions flag all
set system services rest enable-explorer
Configuring the REST API
Step-by-Step Procedure
To configure the REST API:
1. Specify allowed IP addresses for incoming HTTP and HTTPS connections.

   [edit]
   user@R1# set system services rest control allowed-sources [192.0.2.0 198.51.100.0]

2. Specify the maximum number of allowed connections over both HTTP and HTTPS.

   [edit]
   user@R1# set system services rest control connection-limit 100

3. Set the TCP port for incoming HTTP connections.

   [edit]
   user@R1# set system services rest http port 3000

4. Set the addresses on which the server listens for incoming HTTP connections.

   [edit]
   user@R1# set system services rest http addresses [203.0.113.0 203.0.113.1]

5. Set the TCP port for incoming HTTPS connections.

   [edit]
   user@R1# set system services rest https port 3443

6. Set the addresses on which the server listens for incoming HTTPS connections.

   [edit]
   user@R1# set system services rest https addresses [203.0.113.2 203.0.113.3]

7. Set the server certificate.

   [edit]
   user@R1# set system services rest https server-certificate testcert

8. Configure the set of ciphers the server can use to perform encryption and decryption functions.

   [edit]
   user@R1# set system services rest https cipher-list rsa-with-3des-ede-cbc-sha

9. (Optional) Set up TLS mutual authentication on both the server and client with a certificate.

   [edit]
   user@R1# set system services rest https mutual-authentication certificate-authority testca

10. (Optional) Configure trace options for lighttpd, juise, or both.

   [edit]
   user@R1# set system services rest traceoptions flag all

11. (Optional) Enable the REST API Explorer.

   [edit]
   user@R1# set system services rest enable-explorer

12. Commit the configuration.

   [edit]
   user@R1# commit and-quit
Results
system {
    services {
        rest {
            control {
                allowed-sources [ 192.0.2.0 198.51.100.0 ];
                connection-limit 100;
            }
            enable-explorer;
            http {
                addresses [ 203.0.113.0 203.0.113.1 ];
                port 3000;
            }
            https {
                port 3443;
                addresses [ 203.0.113.2 203.0.113.3 ];
                server-certificate testcert;
                cipher-list rsa-with-3des-ede-cbc-sha;
                mutual-authentication {
                    certificate-authority testca;
                }
            }
            traceoptions {
                flag all;
            }
        }
    }
}
Verification
Verifying REST API Configuration
Purpose
Confirm that the REST API configuration is working properly on the device.
Action
Display the REST API configuration by issuing the show configuration system services rest operational mode command.
user@R1> show configuration system services rest
http {
    port 3000;
    addresses [ 203.0.113.0 203.0.113.1 ];
}
https {
    port 3443;
    addresses [ 203.0.113.2 203.0.113.3 ];
    server-certificate testcert;
    cipher-list rsa-with-3des-ede-cbc-sha;
    mutual-authentication {
        certificate-authority testca;
    }
}
control {
    allowed-sources [ 192.0.2.0 198.51.100.0 ];
    connection-limit 100;
}
traceoptions {
    flag all;
}
enable-explorer;
Meaning
This example configured both HTTP and HTTPS access on a Juniper Networks M10i Multiservice Edge Router. For HTTP access, the device listens on port 3000 and permits traffic from IP addresses 192.0.2.0, 198.51.100.0, 203.0.113.0, and 203.0.113.1. For a more secure connection, HTTPS access was configured with mutual authentication, using port 3443 and allowed IP addresses of 192.0.2.0, 198.51.100.0, 203.0.113.2, and 203.0.113.3. A connection limit of 100 has been configured for both HTTP and HTTPS, and both juise and lighttpd tracing have been enabled. By default, the REST API Explorer is disabled (see Example: Using the REST API Explorer).
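
The following Python check is an added example, not part of the Juniper documentation. It reads "set system services rest ..." lines such as the quick configuration above and reports settings to review before production use: a cleartext HTTP listener, a legacy cipher such as the 3DES suite used here, the REST API Explorer, and full tracing. The finding codes and the WEAK_TOKENS substring list are assumptions of this example.

```python
# Constructed sample: the quick-configuration commands shown on this page.
SAMPLE = """\
set system services rest control allowed-sources [192.0.2.0 198.51.100.0]
set system services rest control connection-limit 100
set system services rest http port 3000
set system services rest http addresses [203.0.113.0 203.0.113.1]
set system services rest https port 3443
set system services rest https addresses [203.0.113.2 203.0.113.3]
set system services rest https server-certificate testcert
set system services rest https cipher-list rsa-with-3des-ede-cbc-sha
set system services rest https mutual-authentication certificate-authority testca
set system services rest traceoptions flag all
set system services rest enable-explorer
"""
PREFIX = "set system services rest "
# Assumption of this example: substrings marking legacy algorithms in cipher names.
WEAK_TOKENS = ("rc4", "des", "md5", "null")  # "des" also covers "3des"

def statements(text):
    """Tokenize each REST 'set' line, dropping the [ ] list brackets."""
    lines = (l.strip() for l in text.splitlines())
    return [l[len(PREFIX):].replace("[", " ").replace("]", " ").split()
            for l in lines if l.startswith(PREFIX)]

def audit(text):
    """Return sorted finding codes for the REST stanza ([] if REST is not configured)."""
    stmts = statements(text)
    if not stmts:
        return []
    has = lambda *path: any(tuple(s[:len(path)]) == path for s in stmts)
    found = set()
    if has("http"):
        found.add("http-enabled")        # cleartext listener is configured
    if has("https") and not has("https", "mutual-authentication"):
        found.add("no-mutual-auth")      # HTTPS without client certificates
    if not has("control", "allowed-sources"):
        found.add("no-allowed-sources")  # no source-address restriction
    if has("enable-explorer"):
        found.add("explorer-enabled")    # REST API Explorer left on
    if has("traceoptions", "flag", "all"):
        found.add("trace-all")           # full lighttpd and juise tracing left on
    for s in stmts:
        if s[:2] == ["https", "cipher-list"]:
            found.update(f"weak-cipher:{c}" for c in s[2:]
                         if any(t in c.lower() for t in WEAK_TOKENS))
    return sorted(found)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```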