cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
190
Views
0
Helpful
1
Replies

Cisco ISE API to create a Custom Condition

JPavonM
VIP
VIP

Hi community,

I'm using a Custom Condition to block some laptops names during authorization and it works fine.
I've managed to create an API to check the condition exist, and /add/remove new hosts to it, but I cannot manage to implement the call to create the Custom Condition if it does not exist (sb remove it). Using the Postman collection method here (https://www.postman.com/lunar-module-astronomer-52086722/cisco-ise/request/527hljw/network-access-creates-a-library-condition) I always got Error 400 "request has bad input format in the body"
This is the JSON body I'm using for the API call:

{
    "conditionType": "LibraryConditionOrBlock",
    "name": "Deny_Machine_Names_TEST",
}

The before payload is the reduced version of the JSON output of the existing object:

{
"link": {
"rel": "self",
"href": "https://<ISE_URL>/api/v1/policy/network-access/condition/<OBJECT_ID>",
"type": "application/json"
},
"conditionType": "LibraryConditionOrBlock",
"isNegate": false,
"children": [
{
"link": None,
"conditionType": "ConditionAttributes",
"isNegate": False,
"dictionaryName": "Radius",
"attributeName": "User-Name",
"operator": "contains",
"dictionaryValue": None,
"attributeValue": "TT059"
}
],
"name": "Deny_Machine_Names",
"description": None
}
It doesn't matter if I use these basic fileds on the payload, or add more, it always returns error.
Any help would be appreciated.
 
Regards,
Jesus
1 Accepted Solution

Accepted Solutions

thomas
Cisco Employee
Cisco Employee

When trying new APIs for the first time - especially with complicated ones like ISE Policy - it is always helpful to create your desired configuration in the GUI then perform a GET request on the respective API to see the structure and values. You may then use that as a template for your POST or PUT methods for similar configurations.

If the JSON above is for the POST, you do not include the link attribute in your POST request.

View solution in original post

1 Reply 1

thomas
Cisco Employee
Cisco Employee

When trying new APIs for the first time - especially with complicated ones like ISE Policy - it is always helpful to create your desired configuration in the GUI then perform a GET request on the respective API to see the structure and values. You may then use that as a template for your POST or PUT methods for similar configurations.

If the JSON above is for the POST, you do not include the link attribute in your POST request.