01-24-2018 08:51 PM - edited 03-01-2019 06:07 AM
This article is a simple introduction to automation in ACI.
It covers distinguished names (DN) and class names in ACI, and shows how to use Postman to log in to ACI and create a simple tenant.
Postman is a third-party REST API tool. It can be used to create objects in ACI and to retrieve information about them.
In ACI the components are represented in a management information tree (MIT). Each node in this MIT is a managed object (MO). MOs are identified by their unique distinguished name (DN). This DN provides the fully qualified path from the root of the object tree to the object itself.
A DN is made up of a series of pieces known as relative names (RN).
dn = {rn}/{rn}/{rn}/{rn}…
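A DN cannot always be split on every "/", because some RNs carry a bracketed value that itself contains slashes. The splitter below is an added example, not code from the original article; `split_dn`, `mo_url`, the host `apic.example` and the bracketed sample DN are assumptions made for illustration.

```python
def split_dn(dn):
    """Split a DN into its RNs on '/', ignoring slashes inside [...] (nesting allowed)."""
    rns, current, depth = [], [], 0
    for ch in dn:
        if ch == "[":
            depth += 1
        elif ch == "]":
            depth -= 1
            if depth < 0:
                raise ValueError("unbalanced ']' in DN: %r" % dn)
        if ch == "/" and depth == 0:
            rns.append("".join(current))  # a top-level slash ends the current RN
            current = []
        else:
            current.append(ch)
    if depth != 0:
        raise ValueError("unbalanced '[' in DN: %r" % dn)
    rns.append("".join(current))
    if any(not rn for rn in rns):
        raise ValueError("empty RN in DN: %r" % dn)
    return rns

def mo_url(apic, dn):
    """Build the managed-object URL in the form this article uses for tenant-1."""
    split_dn(dn)  # reject malformed DNs before they reach the URL
    return "https://%s/api/node/mo/%s.json" % (apic, dn)

# Constructed sample: the last RN holds a bracketed path with its own slashes.
SAMPLE_DN = "uni/tn-tenant-1/ap-app/epg-web/rspathAtt-[topology/pod-1/paths-101/pathep-[eth1/1]]"
```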
The APIC REST API is a programmatic interface to the APIC. You can use any programming language to generate REST calls, which contain JSON- or XML-formatted data, to read and write objects in the APIC MIT.
Click on Settings > Manage Environments
Click Add
Change the value of the apic, username and password accordingly.
At the top left of Postman, click either of these buttons to create a new collection.
You can name it accordingly (e.g. Add Tenant) and click Create
On the right-hand side of Postman, you can create a new request.
Inside the new request, fill in the following to log in to the APIC:
POST https://{{apic}}/api/aaaLogin.json
Body
{ "aaaUser" : { "attributes": {"name":"{{username}}","pwd":"{{password}}" } } }
As you can see, {{apic}}, {{username}} and {{password}} are the variables you defined earlier in step IV.1. They hold the values for whichever fabric you are currently working with. Variables have to be written inside double curly braces {{ }}.
Click Send.
Once the request is sent, the response at the bottom of Postman shows the generated token.
Click Save, next to the Send button, to save the request to the collection folder you created earlier.
The example below creates a new tenant named "tenant-1".
POST https://{{apic}}/api/node/mo/uni/tn-tenant-1.json
Body
{"fvTenant":{"attributes":{"dn":"uni/tn-tenant-1","name":"tenant-1","rn":"tn-tenant-1","status":"created"},"children":[]}}
Click Send.
Make sure that this request is run after you have logged in (Step 4). If it is run without logging in, you'll get an authentication error.
Save the request to the collection folder.
In the APIC, under ALL TENANTS, you'll find that tenant-1 has been created.
Thanks. How do I get around this?
{"totalCount":"1","imdata":[{"error":{"attributes":{"code":"403","text":"Token was invalid (Error: Token timeout)"}}}]}
This is right after I post for an APIC login and get a successful login (Status 200 OK)
Thank you!
Hi
I have the same issue where it complains....
{
  "totalCount": "1",
  "imdata": [
    {
      "error": {
        "attributes": {
          "code": "403",
          "text": "Need a valid webtoken cookie (named APIC-Cookie) or a signed request with signature in the cookie APIC-Request-Signature for all REST API requests"
        }
      }
    }
  ]
}
Any ideas?
I know the problem has something to do with not being logged in.
Can the login script be combined with the create tenant script? How do you do that?
Hello,
You need to log in first so that you have a valid token for your subsequent requests. In the response to the login script you would see the token and refresh timeout (by default 600 seconds). If the session is established and remains idle for 600 seconds, then you may have to post the login script again.
<snip>
<aaaLogin token="hUUaqAhmcuq56GPdvPDB76hjHxgkdNli1BcixXCFTxXiQaUrIT5zWbqWhRHcoVKwGPejFKa4U3f9LRyiPSL6fJbMDGWsWUpmz0wilYbtO1OHk+ClcOrZUnh4SzsfilAWWGa0tvxtBK/EtsEmU2+6Iz6iBwXBElCyhA913GYT1SVnoIpuz1G87rHHGX9kiLQl" siteFingerprint="B/A83Gry7cx9r2vb" refreshTimeoutSeconds="600"
</snip>
There are two ways to do it:
1. Either post the login script first (separately) and then post your subsequent scripts.
2. Save your sequential list of scripts in a collection and place the login script at the top. With this you can run multiple sequential scripts in one go, e.g. creating filters and contracts and attaching them to the EPG with one collection runner consisting of multiple jobs.
In the above snapshot, ACI-API is the collection, which contains folder name Fabric and in that folder there are sequential scripts.
Why didn't you have to use the token for the next post request?
I read in ACI documentation that once you get the auth token from the login request, then you should use it in next requests.
If I create a script in python to make both requests, do I have to send the token in the second request as an Authorization request header? Something like:
Authorization : Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiw...
Thank you!
Hi Fonsies,
Postman maintains the session like a browser. So when we post the login payload, a session is created which lasts for 600 seconds (the default token refresh timeout). So any subsequent requests are allowed by default since they are part of the same session.
In case of firing APIs with Python, to avoid the overhead of sending the token through the header of each subsequent request, you should use the request.session() function from the requests lib.
Regards,
Jayesh
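The cookie behaviour discussed in this thread, as an added example that is not part of the original posts: login and tenant creation run from one script, with the session token carried in the APIC-cookie cookie by a cookie jar. It uses only the Python standard library instead of the requests library mentioned above, and `StubApic` is a local stand-in server (an assumption, with constructed credentials and token) so that it runs offline; call `demo()` to run it.

```python
import json, threading, urllib.error, urllib.request
from http.cookiejar import CookieJar
from http.server import BaseHTTPRequestHandler, HTTPServer

TOKEN = "constructed-token-123"  # constructed sample value, not a real APIC token
class StubApic(BaseHTTPRequestHandler):
    """Local stand-in for an APIC (assumption) so the example runs offline."""
    def do_POST(self):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        if self.path == "/api/aaaLogin.json":  # login: issue the token as a cookie
            body = {"imdata": [{"aaaLogin": {"attributes": {
                "token": TOKEN, "refreshTimeoutSeconds": "600"}}}]}
            self._reply(200, body, "APIC-cookie=%s; Path=/" % TOKEN)
        elif "APIC-cookie=" + TOKEN in self.headers.get("Cookie", ""):
            self._reply(200, {"totalCount": "0", "imdata": []})
        else:  # no session cookie: refuse, like the 403 quoted in the thread
            self._reply(403, {"imdata": [{"error": {"attributes": {"code": "403"}}}]})
    def _reply(self, status, body, cookie=None):
        data = json.dumps(body).encode()
        self.send_response(status)
        if cookie: self.send_header("Set-Cookie", cookie)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)
    def log_message(self, *args): pass  # keep the demo quiet

def post(opener, url, payload):  # returns (HTTP status, decoded JSON), 4xx included
    req = urllib.request.Request(url, json.dumps(payload).encode(), method="POST")
    try:
        with opener.open(req, timeout=5) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, json.load(err)

def demo():
    server = HTTPServer(("127.0.0.1", 0), StubApic)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = "http://127.0.0.1:%d" % server.server_port
    login = {"aaaUser": {"attributes": {"name": "admin", "pwd": "constructed-pw"}}}
    tenant = {"fvTenant": {"attributes": {"name": "tenant-1", "status": "created"}}}
    direct = urllib.request.ProxyHandler({})  # ignore proxy environment variables
    jar = CookieJar()  # plays the role of Postman's cookie store
    session = urllib.request.build_opener(direct, urllib.request.HTTPCookieProcessor(jar))
    url = base + "/api/node/mo/uni/tn-tenant-1.json"
    before = post(urllib.request.build_opener(direct), url, tenant)[0]  # no cookie
    post(session, base + "/api/aaaLogin.json", login)  # Set-Cookie lands in the jar
    after = post(session, url, tenant)[0]  # cookie sent automatically
    server.shutdown()
    return before, after, [c.name for c in jar]
```

Against a real APIC the same flow runs over https with certificate verification left on, and the password is read from the environment or a secret store rather than written into the script.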
Very useful ... Thank you
Very useful...
I am a beginner and the doc has helped me a lot in understanding the overall automation concept for ACI and DN, MOs.
Cheers!!
Thanks this is quite useful
Hi,
Has anyone encountered this issue while logging in to the APIC through Postman? I don't have local credentials for the APIC.
The way I log in to the GUI is that I need to select the domain named ISE, which goes to the ISE server for auth.
In this scenario the script below is not working in Postman. Do I need to make any modification to log in by selecting ISE as the domain?
{ "aaaUser" : { "attributes" : { "name" : "apic:LOCAL-DOMAIN-NAME\\georgewa", "pwd" : "paSSword1" } } }