Good morning everyone,

I am currently trying to dig an API approach on a 9800-CL, to create Guest Users through API.

I tried with my admin user, everything works correctly, the customer is satisfied of the firsts tries and we are going deep in this way.

But I would like to use a dedicated account to send API requests to the 9800, by example "API-User".

I thought of a customized privilege account, 10 by exemple, to whom I'll grant access to a certain set of commands.

I tried to log in through CLI and it works fine, but when I use Postman, I get a 403 Forbidden error, and if I use a privilege 15 account, it works.

Fun fact : when I try a GET request with Postman, it says Access Denied, but the logs on the WLC says : DMI-5-AUTH_PASSED: Chassis 1 R0/0: dmiauthd: User 'API' authenticated successfully from 192.168.69.8:0 and was authorized for rest over http. External groups: PRIV10

In the Programmability Configuration Guide, chapter 13, this statement is made : "Upon enabling the NETCONF and/or RESTCONF services, a device that has no prior configuration of the
/nacm subtree will deny read, write, and execute access to all operations and data other than the users of
privilege level 15."

Therefore, I was wondering if it was possible to edit the NACM configuration that could allow privilege level 10 users to access operations through API.

Is there someone that faced the same issue ?

I hope that I could explain it clearly and that it's not impossible.

Thank you for your help.

Have a nice day.
Nicolas.