cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
327
Views
5
Helpful
5
Replies
Q5 Beginner
Beginner

Cisco Prime Infrastructure (WiFi) REST API Security and access control

Hi guys

 

I need to read about how to secure and control the access to Cisco Prime Infra APIs.  Where can I read about this?

Everyone's tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Cisco Prime Infrastructure (WiFi) REST API Security and access control

Nope, that is not all.

In the Prime Infrastructure we have three user groups that control access to APIs:

  • NBI Read - most of GET API resources
  • NBI Write - most of POST/PUT/DELETE API resources
  • NBI Credential - API resources that return sensitive data, like device credentials

 

There also is a concept of Virtual Domains that allows to logically group devices, device groups, and other network elements. Virtual domains control the devices users can access. The API respects this concept; API requests are filtered by the users active domain.

You can find more information about virtual domains in Prime Infrastructure in the Admin Guide.

5 REPLIES 5
Cisco Employee

Re: Cisco Prime Infrastructure (WiFi) REST API Security and access control

Hi,

You can read about this on Authentication, Authorization, and Security API documentation page:

/webacs/api/v1/?id=authentication-doc

If you do not have a Prime Infrastructure in your lab you can read the documentation on DevNet:

https://developer.cisco.com/site/prime-infrastructure/documents/api-reference/rest-api-v3-5/
Q5 Beginner
Beginner

Re: Cisco Prime Infrastructure (WiFi) REST API Security and access control

Is that all there is about AAA in Cisco Prime?

My OSS team is refusing me access via APIs because they can't control the access well enough

Is there a more granular control than read and write access? I is it possible to restrict the access to certain area of Cisco Prime Infrastructure or to certain groups of devices via the same (CPI) ?

Cisco Employee

Re: Cisco Prime Infrastructure (WiFi) REST API Security and access control

Nope, that is not all.

In the Prime Infrastructure we have three user groups that control access to APIs:

  • NBI Read - most of GET API resources
  • NBI Write - most of POST/PUT/DELETE API resources
  • NBI Credential - API resources that return sensitive data, like device credentials

 

There also is a concept of Virtual Domains that allows to logically group devices, device groups, and other network elements. Virtual domains control the devices users can access. The API respects this concept; API requests are filtered by the users active domain.

You can find more information about virtual domains in Prime Infrastructure in the Admin Guide.

Q5 Beginner
Beginner

Re: Cisco Prime Infrastructure (WiFi) REST API Security and access control

Thanks for the help.

One last question, it is not clear from the documentation if the access to the REST APIs can be restricted further for Read only or Write by creating other groups than the built in ones and allowing the users to do only certain things. Can you comment on this please?

Highlighted
Cisco Employee

Re: Cisco Prime Infrastructure (WiFi) REST API Security and access control

No, unfortunately there is no way for end-users to have more granular control over the REST APIs.

Content for Community-Ad
July's Community Spotlight Awards
This widget could not be displayed.