cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
501
Views
10
Helpful
4
Replies

REST API / RESTCONF do either support API Keys for Authentication

REST API / RESTCONF do either support API Keys for Authentication 

 

if so how do you configure them and is there any supporting documentation?

Everyone's tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: REST API / RESTCONF do either support API Keys for Authentication

There is a video up on youtube with something of a roadmap, https://youtu.be/0NKXomgoXSc?t=5384 . It does not mention what you are asking for though.

 

I'd recommend you to do a feature request or reach out to our product managers and let them you need this.

4 REPLIES 4
Cisco Employee

Re: REST API / RESTCONF do either support API Keys for Authentication

Hi,

 

No really, but for RESTCONF you can use tokens, see this answer here https://community.cisco.com/t5/nso-developer-hub-discussions/securing-rest-api/m-p/3726495/highlight/true#M2748

 

And try to use RESTCONF and not the old REST API. :)

 

Hope it helps!

Re: REST API / RESTCONF do either support API Keys for Authentication

This is quite a issue for my customer as they wish to prevent attack from with in (disgruntled employee). they wished to use certificates and key for any authentication and no user would know any credentials for NSO API's.

 

i assume this is getting a addressed in an up and coming version of NSO

 

would you be able to share a road map of features/releases for NSO with rough time lines for when available on CCO ?

 

Thanks

Regards

Yale

Cisco Employee

Re: REST API / RESTCONF do either support API Keys for Authentication

There is a video up on youtube with something of a roadmap, https://youtu.be/0NKXomgoXSc?t=5384 . It does not mention what you are asking for though.

 

I'd recommend you to do a feature request or reach out to our product managers and let them you need this.

Highlighted
Beginner

Re: REST API / RESTCONF do either support API Keys for Authentication

Hi Yale,

 

Did you ever get a definitive answer on this?  The (4.7) Admin Guide has no mention of client certificates that I can find, but the man page for ncs.conf shows this:

 

/ncs-config/webui/transport/ssl/verify (1 | 2 | 3) [1]
Specifies the level of verification the server does on client certificates. 1 means nothing, 2 means the server will ask the client for a certificate but
not fail if the client does not supply a client certificate, 3 means that the server requires the client to supply a client certificate.

 

I wonder if this can be made to work with the RESTCONF API...