AFA SOAP web services

AFA offers a SOAP API which allows you to integrate AFA functionality into external applications.

The AFA WSDL file

The AFA Web service's WSDL file is available at:

https://<algosec_server>/AFA/php/ws.php?wsdl

where <algosec_server> is the AFA/FireFlow server URL.

AFA SOAP method reference

The standard SOAP request envelope header for AFA is:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:afa="https://www.algosec.com/afa-ws">  

<soapenv:Header/>

Note: The entity name is the display name for the device/group/matrix. The entity ID (tree name) is an internal representation of the device/group/matrix, usually the display name without non-alphanumeric characters or spaces.

An example for a full SOAP request is as follows:

<soapenv:Envelope
    xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:afa="https://www.algosec.com/afa-ws">
    <soapenv:Header/>
    <soapenv:Body>
        <afa:GetHostGroupNameDeviceRequest>
            <SessionID>rgivhhlio8qeqch8l6vpljd7m3</SessionID>
            <DeviceID>device1</DeviceID>
            <HostGroupName>Group3</HostGroupName>
        </afa:GetHostGroupNameDeviceRequest>
    </soapenv:Body>
</soapenv:Envelope>

The AFA SOAP interface supports the following methods:

AFA SOAP methods Description
add_device_to_group Adding a Device to a Group
connect Starting a Session. Note: All other methods require a session ID which is obtained with the connect method.

create_device Creating a Device
create_device_group Creating a Device Group
create_role Creating a New Role
create_user Creating a New User
delete_role Deleting a Role
delete_scheduler_job Deleting a Scheduler Job
delete_user Deleting a User
device_changes_over_time_report Device Changes Over Time
disconnect Ending a Session
edit_rule_documentation Editing a Rule's Documentation
get_all_hostgroups Retrieving a List of all Network Object Information

get_all_services Retrieving a List of all Service Object Information
get_configuration Getting the Configuration
get_containing_objects Retrieve containing objects
get_device_statistics Retrieving Statistics for a Device
get_devices_list Retrieving a List of all Devices
get_entity_id Retrieving an Entity ID
get_entity_name Retrieving an Entity Name
get_group_content Retrieving a List of Devices Contained in a Group
get_groups_list Retrieving a List of all Groups
get_hostgroup_by_name_and_device Retrieving a Network Object's Information
get_hostgroups_by_device Retrieving a Device's Network Object Information
get_license Retrieve license
get_nat_discovery Retrieving NAT Values for a Device or Group
get_parent_device Retrieve parent device
get_report_pdf Retrieving PDF of Report Page
get_rule_documentation Retrieving a Rule's Documentation
get_rules_by_device Retrieving a List of a Device's Rules
get_service_by_name_and_device Retrieving a Service Object's Information
get_services_by_device Retrieving a Device's Service Object Information
get_unused_rules Retrieving a List of Unused Rules
importing_risks_from_spreadsheet Import Risks from Spreadsheet
importing_risks_from_XML Import Risks from XML File
is_session_alive Verifying a Session is Active
query Run traffic simulation queries
risks_summary Retrieving Risk Information for a Device
search_object_by_IP Search for object by IP
search_rule Searching for Rules
set_configuration Setting Configuration Parameters
set_scheduler_job Creating and Updating a Scheduler Job
start_analysis Starting an Analysis
update_role Updating a Role
update_user Updating a User

If the method's operation is successful, the method response returns data items or an indication of success. If the method's operation was not successful, the response indicates that a SOAP fault has been thrown. For more details, see SOAP faults and SOAP fault list.

SOAP faults

The returned SOAP fault name is connectError.

The following are some of the possible additional SOAP faults:

  • The user does not have the necessary permissions.
  • The device is a group.

The following example is for a fault thrown when the user does not have permissions on the firewall.

<SOAP-ENV:Body>
    <SOAP-ENV:Fault>
        <faultcode>ns1:AFA-WS</faultcode>
        <faultstring>[710]  [device [fw3] is not in the list of permitteddevices]</faultstring>
        <faultactor>AFA Web Service</faultactor>
        <detail>
            <ns1:ErrorDetails>
                <code>710</code>
                <description>[710]  [device [fw3] is not in the list of permitteddevices]</description>
            </ns1:ErrorDetails>
        </detail>
    </SOAP-ENV:Fault>
</SOAP-ENV:Body>
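
The request envelope and the fault layout shown above, as an added Python example that is not AlgoSec's code: it builds the envelope with ElementTree so parameter values are XML-escaped rather than concatenated into the request, and turns a returned fault into an exception carrying the numeric code. The `AfaFault` class, the function names, and the `ns1` namespace URI in the constructed sample are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

SOAPENV = "http://schemas.xmlsoap.org/soap/envelope/"
AFA = "https://www.algosec.com/afa-ws"  # request namespace shown on this page
ET.register_namespace("soapenv", SOAPENV)
ET.register_namespace("afa", AFA)

# Constructed sample: the page's fault wrapped in an envelope; the ns1 URI is a placeholder.
SAMPLE_FAULT = f"""<SOAP-ENV:Envelope xmlns:SOAP-ENV="{SOAPENV}" xmlns:ns1="urn:example:placeholder">
<SOAP-ENV:Body><SOAP-ENV:Fault><faultcode>ns1:AFA-WS</faultcode>
<faultstring>[710]  [device [fw3] is not in the list of permitteddevices]</faultstring>
<detail><ns1:ErrorDetails><code>710</code>
<description>[710]  [device [fw3] is not in the list of permitteddevices]</description>
</ns1:ErrorDetails></detail></SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope>"""

class AfaFault(Exception):
    """Hypothetical exception type: a SOAP fault with its numeric error code."""
    def __init__(self, code, description):
        super().__init__(description)
        self.code, self.description = code, description

def build_request(method, **params):
    """Build an envelope like the page's example; ElementTree escapes every value."""
    env = ET.Element(f"{{{SOAPENV}}}Envelope")
    ET.SubElement(env, f"{{{SOAPENV}}}Header")
    body = ET.SubElement(env, f"{{{SOAPENV}}}Body")
    req = ET.SubElement(body, f"{{{AFA}}}{method}")
    for name, value in params.items():
        ET.SubElement(req, name).text = str(value)
    return ET.tostring(env, encoding="unicode")

def check_response(xml_text):
    """Return the response Body element, or raise AfaFault if it holds a Fault."""
    if "<!DOCTYPE" in xml_text.upper():
        raise ValueError("DTD not allowed in a SOAP message")
    root = ET.fromstring(xml_text)
    body = root if root.tag == f"{{{SOAPENV}}}Body" else root.find(f"{{{SOAPENV}}}Body")
    if body is None:
        raise ValueError("response has no SOAP Body")
    fault = body.find(f"{{{SOAPENV}}}Fault")
    if fault is None:
        return body
    # Match ErrorDetails in any namespace, since the page does not show the ns1 binding.
    code = (fault.findtext("detail/{*}ErrorDetails/code") or "").strip()
    desc = fault.findtext("detail/{*}ErrorDetails/description") or fault.findtext("faultstring")
    raise AfaFault(int(code) if code.isdigit() else None, desc)
```

Callers can branch on `AfaFault.code` instead of matching the fault string, and should keep the session ID out of logs and error messages.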