Hello everyone, 

I am trying to automate adding network devices to ISE using python API calls to ISE with the requests module and using JSON for the modifying of the data. 

Here is an example of the code:

#### 

import requests
import requests.auth
import getpass
import json

Username = input("Enter API Username:")

Password = getpass.getpass("Enter API Password:")

headers = {'Content-Type': 'application/json', 'Accept': 'application/json'}

ISEjson= {
"NetworkDevice" : {
"id" : "123456789",
"name" : "networkDevice1",
"description" : "example nd",
"authenticationSettings" : {
"radiusSharedSecret" : "aaa",
"enableKeyWrap" : True,
"dtlsRequired" : True,
"keyEncryptionKey" : "1234567890123456",
"messageAuthenticatorCodeKey" : "12345678901234567890",
"keyInputFormat" : "ASCII"
},
"snmpsettings" : {
"version" : "ONE",
"roCommunity" : "aaa",
"pollingInterval" : 3600,
"linkTrapQuery" : True,
"macTrapQuery" : True,
"originatingPolicyServicesNode" : "Auto"
},
"trustsecsettings" : {
"deviceAuthenticationSettings" : {
"sgaDeviceId" : "networkDevice1",
"sgaDevicePassword" : "aaa"
},
"sgaNotificationAndUpdates" : {
"downlaodEnvironmentDataEveryXSeconds" : 86400,
"downlaodPeerAuthorizationPolicyEveryXSeconds" : 86400,
"reAuthenticationEveryXSeconds" : 86400,
"downloadSGACLListsEveryXSeconds" : 86400,
"otherSGADevicesToTrustThisDevice" : False,
"sendConfigurationToDevice" : False,
"sendConfigurationToDeviceUsing" : "ENABLE_USING_COA",
"coaSourceHost" : "IseNodeName"
},
"deviceConfigurationDeployment" : {
"includeWhenDeployingSGTUpdates" : True,
"enableModePassword" : "aaa",
"execModePassword" : "aaa",
"execModeUsername" : "aaa"
}
},
"tacacsSettings" : {
"sharedSecret" : "aaa",
"connectModeOptions" : "ON_LEGACY"
},
"profileName" : "Cisco",
"coaPort" : 1700,
"dtlsDnsName" : "ISE213.il.com",
"NetworkDeviceIPList" : [ {
"ipaddress" : "1.1.1.1",
"mask" : 32
} ],
"NetworkDeviceGroupList" : [ "Location#All Locations", "Device Type#All Device Types" ]
}
}

ISE = requests.post("https://x.x.x.x:9060/ers/config/networkdevice", verify=False, auth=(Username, Password), headers=headers, json=ISEjson)

print(ISE.text)
print(ISE.status_code)
print(ISE.headers)

####

The issue I am running into is when I try to post the data to ISE I get the following: 

<!doctype html><html lang="en"><head><title>HTTP Status 401 – Unauthorized</title><style type="text/css">h1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} h2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} h3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} body {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} b {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} p {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;} a {color:black;} a.name {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 401 – Unauthorized</h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Description</b> The request has not been applied because it lacks valid authentication credentials for the target resource.</p><hr class="line" /><h3></h3></body></html>
401
{'WWW-Authenticate': 'Basic realm="ERSRealm"', 'Content-Type': 'text/html;charset=utf-8', 'Content-Language': 'en', 'Content-Length': '1014', 'Date': 'Tue, 09 Jul 2019 02:02:03 GMT', 'Server': ''}

I am not sure why it is not authenticating as I can use the requests module to GET and DELETE stuff in ISE with this same account. Can anyone provide some insight?