Skip to main content

Sonatype Repository Firewall API (Previously IQ API)

Introduction

Note

In Sonatype Nexus Repository release 3.53.0, we renamed the IQ API to Sonatype Repository Firewall API. This is a UI update only and does not impact the API URLs.

The Sonatype Repository Firewall API exposes HTTP endpoints for creating, updating, deleting and viewing of Sonatype Repository Firewall connection details.

Please see the API section (found in the Administration section under System → API) of your Sonatype Nexus Repository instance for detailed information about the IQ API including sample requests and responses.

Endpoints

The REST API endpoints can be used to accomplish the following:

  • Get Sonatype Repository Firewall configuration

  • Update Sonatype Repository Firewall configuration

  • Disable Sonatype Repository Firewall configuration

  • Enable Sonatype Repository Firewall configuration

  • Verify Sonatype Repository Firewall connection

Configure Fail Open Mode

Should your Sonatype Nexus Repository connection to Sonatype IQ Server ever fail for some reason, you can configure "fail open" mode to allow developers to still download new components that have never been quarantined (i.e., components that do not have a quarantine status). Without fail open mode or when fail open mode is disabled, attempts to download such components will not work.

Currently, fail open mode can only be configured via the Sonatype Repository Firewall API, and updating configuration via WebUI may result in Sonatype Nexus Repository forgetting any value previously set for failOpenModeEnabled.

Toenablefail open mode, use a REST call like the following:

curl -u <admin username>:<admin password> -X PUT -H 'Content-Type: application/json' -d '{"enabled": true,"showLink": true,"url": "<iq base url>:8070","authenticationType": "USER","username": "<iq admin username>","password": "<iq admin password>","useTrustStoreForUrl": true,"timeoutSeconds": 3600, "failOpenModeEnabled": true}' "<nexus base url>/service/rest/v1/iq"

Todisablefail open mode, use a REST call like the following:

curl -u <admin username>:<admin password> -X PUT -H 'Content-Type: application/json' -d '{"enabled": true,"showLink": true,"url": "<iq base url>:8070","authenticationType": "USER","username": "<iq admin username>","password": "<iq admin password>","useTrustStoreForUrl": true,"timeoutSeconds": 3600, "failOpenModeEnabled": false}' "<nexus base url>/service/rest/v1/iq"

If you've already configured your Sonatype Nexus Repository and IQ Server connection, you can retrieve all of the current properties using a REST call like the following:

curl -u <admin username>:<admin password> -X GET "<nexus base url>/service/rest/v1/iq"