cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
6037
Views
15
Helpful
10
Replies

DNAC 1.1 API Authertication discusion

daxu2
Cisco Employee
Cisco Employee

Hello expert:

   from dnac api 1.1 version,it change the authertication model.

   APIC-EM API authertication step

  1) send get login request and get a token.

  2) all other api want be invoked must using token

  3) close the session

  but now DNAC api

   1) send get login request,but no token returned

   2) call other api,not need token

I do the follow testing

  1) i do not send login request,and direct to call get network device,it also work good.

so i think now DNAC API login is not needed,it is so danger.

1 Accepted Solution

Accepted Solutions

jafrazie
Cisco Employee
Cisco Employee

Hi Da:

There are 3 APIs here you might need:

  1. api/system/v1/auth/login — this logs in and DNAC will return a cookie. Most web clients (like Paw or Postman) store cookies set by servers in a Cookie session and automatically send them back in subsequent requests. You should be able to optionally disable this if on a per-request basis for the client in question. The cookie’s idle-timeout is 30min. Thus, if you make no subsequent request for 30min, you will need to login again.
  2. api/system/v1/auth/logoff — this logs you out directly, and clears state.
  3. api/system/v1/auth/token — this returns a token as a response in a JSON object. This way, you can re-use it for any request that may need it directly (Python script, Ansible, etc.).

Hope this helps,

View solution in original post