09-29-2021 08:36 PM - edited 09-29-2021 08:36 PM
Hi community,
I'm testing REST API calls with a Cisco router CSR1000v version 17.03.04a but when I execute the GET curl command the HTTP response is "403 forbidden" with the argument "access-denied", before that when I make an Options call the router HTTP response is 200 OK.
root:~#curl -i -k -X "OPTIONS" "https://192.168.122.184:443/restconf/data/Cisco-IOS-XE-native:native/logging/monitor/severity" -H 'Accept: application/yang-data+json' -u 'admin:admin'
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 30 Sep 2021 03:08:50 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
Allow: DELETE, GET, HEAD, PATCH, POST, PUT, OPTIONS
Cache-Control: private, no-cache, must-revalidate, proxy-revalidate
Accept-Patch: application/yang-data+xml, application/yang-data+json
Pragma: no-cache
root:~#curl -i -k -X "GET" "https://192.168.122.184:443/restconf/data/ietf-interfaces:interfaces" -H 'Accept: application/yang-data+json' -u 'admin:admin'
HTTP/1.1 403 Forbidden
Server: openresty
Date: Thu, 30 Sep 2021 03:14:47 GMT
Content-Type: application/yang-data+json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: private, no-cache, must-revalidate, proxy-revalidate
Vary: Accept-Encoding
Pragma: no-cache
{
"errors": {
"error": [
{
"error-message": "access denied",
"error-tag": "access-denied",
"error-type": "application"
}
]
}
}
please can you help me to check what's wrong.
Thank you in advance.
09-30-2021 03:34 AM
@famunoz01 you curl is good it works fine (I tested on the sandbox - you can also to test) - you might need to look at the logs on the device to see why this is being rejected.
(venv) STUACLAR-M-R6EU:~ stuaclar$ curl -i -k -X "GET" "https://sandbox-iosxe-latest-1.cisco.com/restconf/data/ietf-interfaces:interfaces" -H 'Accept: application/yang-data+json' -u 'developer:C1sco12345' HTTP/2 200 server: nginx/1.13.12 date: Thu, 30 Sep 2021 10:32:05 GMT content-type: application/yang-data+json cache-control: private, no-cache, must-revalidate, proxy-revalidate pragma: no-cache { "ietf-interfaces:interfaces": { "interface": [ { "name": "GigabitEthernet1", "description": "MANAGEMENT INTERFACE - DON'T TOUCH ME", "type": "iana-if-type:ethernetCsmacd", "enabled": true, "ietf-ip:ipv4": { "address": [ { "ip": "10.10.20.48", "netmask": "255.255.255.0" } ] }, "ietf-ip:ipv6": { } }, { "name": "GigabitEthernet2", "description": "Trunk to RT33 Gi3", "type": "iana-if-type:ethernetCsmacd", "enabled": true, "ietf-ip:ipv4": { }, "ietf-ip:ipv6": { } }, { "name": "GigabitEthernet2.12", "description": "test", "type": "iana-if-type:ethernetCsmacd", "enabled": true, "ietf-ip:ipv4": { }, "ietf-ip:ipv6": { } }, { "name": "GigabitEthernet3", "description": "Network Interface", "type": "iana-if-type:ethernetCsmacd", "enabled": false, "ietf-ip:ipv4": { "address": [ { "ip": "10.10.2.10", "netmask": "255.255.255.0" } ] }, "ietf-ip:ipv6": { } }, { "name": "Loopback0", "type": "iana-if-type:softwareLoopback", "enabled": true, "ietf-ip:ipv4": { "address": [ { "ip": "10.10.10.100", "netmask": "255.255.255.255" } ] }, "ietf-ip:ipv6": { } }, { "name": "Loopback1", "type": "iana-if-type:softwareLoopback", "enabled": true, "ietf-ip:ipv4": { }, "ietf-ip:ipv6": { } }, { "name": "Loopback5", "description": "Demo", "type": "iana-if-type:softwareLoopback", "enabled": true, "ietf-ip:ipv4": { "address": [ { "ip": "5.5.5.5", "netmask": "255.255.255.255" } ] }, "ietf-ip:ipv6": { } }, { "name": "Loopback69", "type": "iana-if-type:softwareLoopback", "enabled": true, "ietf-ip:ipv4": { }, "ietf-ip:ipv6": { } }, { "name": "Loopback100", "description": "Added with RESTCONF", "type": "iana-if-type:softwareLoopback", "enabled": true, "ietf-ip:ipv4": { "address": [ { "ip": "172.16.100.1", "netmask": "255.255.255.0" } ] }, "ietf-ip:ipv6": { } }, { "name": "Loopback1000", "description": "DevNet", "type": "iana-if-type:softwareLoopback", "enabled": true, "ietf-ip:ipv4": { }, "ietf-ip:ipv6": { } }, { "name": "VirtualPortGroup0", "type": "iana-if-type:propVirtual", "enabled": true, "ietf-ip:ipv4": { "address": [ { "ip": "192.168.1.1", "netmask": "255.255.255.0" } ] }, "ietf-ip:ipv6": { } } ] } }
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide