This article describes how to deploy a REST API Admin user and change the super_admin_readonly profile by default  to perform a full backup.

1. Go to System ->Administrators -> Create New -> REST API Admin.

2. Create the user, in this example 'test_api'. Do not forget to copy the API Key when backing up the config file.

In case a new API key needs to be generated, it can be regenerated:

3. Change the profile by CLI:

config system api-user

    edit test_api

        set accprofile "super_admin_readonly" <----- Change the profile previously assigned by GUI.

(test_api) # set accprofile super_admin <----- This change can only be performed by CLI.

end

To create an API user via CLI :

config system api-user

    edit test_api

        set api-key ************

        set accprofile super_admin

        set vdom "root"
    end

Generate the API token: 

execute api-user generate-key <API username>

From v7.6.x, it is also possible to add the expiry date of the API key. 

execute api-user generate-key <API username> <expiry time>

For example: 

execute api-user generate-key test_api 480   <----- Optional expiry of API key in minutes.

Note:

Do not forget that if the configuration file is backed up with a super_admin_readonly, all configurations will not be visible.

Related documents:

execute api-user

REST API administrator