Showing results for 
Search instead for 
Did you mean: 

Need help in UCCE Admin API usage.

Dear fellows,

I am working on UCCE Admin APIs. Actually I am stuck with  API requests and I need some help.

When I send request to an API such as http://<server>/unifiedconfig/config/skillgroup?summary=true using Firefox POSTER or a Java Web Service client, I get 401 unauthorized error with response body as "<html><head><title>Apache Tomcat/7.0.25 - Error report</title>".

When I try to send a GET request on the <server> URL using a browser I get following error in a browser pop-up window i.e. "Cisco VTG Realm."

Same goes for all the APIs.

Following are the main purpose which I am trying to achieve:

- Get the list of Skill Group of an Agent

- Add/Remove the skill groups to/from that Agent


- Get the list of Agents in an Skill Group

- Add/Remove the Agents to/from Skill Group


For this I am following “Cisco Unified Contact Center Enterprise Developer Reference Release

For the solution of this problem I also contacted an expert, who is currently employed at CISCO. He replied that you should be using <adminuser>@domain as the user format.For example, on the lab here I’m accessing the API with as the username.

When I use credentials i.e. <adminuser>@domain, I get “403 Forbidden” error. Showing that the above request is not allowed to the user.

I also tried using Supervisor credentials, with or without the above mentioned format, but again faced “401 Unauthorized” error in both cases.

I again inform him and explain the whole problem then he replies that you’ll get a 403 if you are using https or the ICM version doesn’t support the API request that you’re issuing and you will get 401 if the user credential are incorrect.

After some digging I came to know that “403 Forbidden” error is caused if we are using an unsupported version of “ICM” or if we are not using “https.” I am using ICM v 9.0.4 & http, secondly the credentials used are correct and there is no issue with those credentials.

Kindly help me to resolve the above mentioned issues, so that I can proceed with using UCCE Admin APIs.

Thank you for your consideration.

Mateusz Pagacz
Cisco Employee


This expert is correct. For anything newer than 9.0(2) UPN format, username@fqdn, is required.

Also make sure this AD user is a member of your ICM Configuration Users security group.

Dear Mateusz,
Thank for the reply.
Now I am sure that the AD is am member of ICM Configuration Users security group.
Only deployment API is working expect all the other APIs such as Skill-group, Agent or Interval Buckets. The API work for me is "https://<server>/unifiedconfig/config/deployment", when I send request to server using GET method I get the following reponse:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

Deploment Type 0 mean: No deployment type specified. Initial type set at installation. Once set to another deployment-type, you cannot switch back to 0.

How can I change the deployment-type "6" which is "UCCE 12000 Agents Router/Logger" so that I am able to do my task which mention in above question?
Any help would be appreciated.

You can change it from CCE Web Administration: System > Deployment.

Dear Mateusz,
Thank you for providing the requested information.
After changing deployment type “5” from CCE Web Administration: System > Deployment which is as follow:-

Deployment Type UCCE 8000 Agents Router/Logger

Unified CCE Version

When I send Deployment API to server I get the following response:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

How to set tag <supervisorLoginAllowed> True? Because in UCCE guide the deployment response should be :

Thank you in anticipation.

In order to access SG you have to authenticate as a supervisor providing his login name and password and not AD UPN.


From Cisco Unified Contact Center Enterprise Developer Reference Release 10.0(x):

The following APIs are not available for administrators:

  • Agent Team API, on page 19
  • Skill Group AaPI, on page 43


Supervisor Access

  • Skill Group API, on page 43:
    • Supervisors can only see and update skill groups that are on their peripheral.
    • When updating a skill group, supervisors can only change the agents parameter to add or remove agents who are on their teams.

To authenticate:

  • Administrators must provide a fully qualified user name (for example, and password.
  • Supervisors must provide their agent username and password.



I am trying to use the Agent's API to update the Agent's password using UCCE 10.5 API. First, I query back the changeStamp using the admin login credential(FQDN) encounter no issues. Then I switch over to supervisor login credential and send the web request using the xml below:


Method: Put


<?xml version="1.0" encoding="UTF-8" standalone="yes"?>


I am getting 401 No authorized. 


Base on the UCCE 10.5(1) link below


The UCCE admin creates the supervisor login credential. The supervisor can change the agent information in their own team.


Any idea, why I am getting 401 Unauthorized.





Content for Community-Ad

Spotlight Awards 2021