{ "restSchemaVersion": "1.0", "errors": [ { "error_id": "BAD_REQUEST", "description": "Invalid argument.", "http_status": "400" }, { "error_id": "AUTH_REQUIRED", "description": "Authentication required.", "http_status": "401" }, { "error_id": "AUTH_INVALID_CREDENTIALS", "description": "Make sure the user name is correct and type your password again. Be sure to use the correct case for the user name and password.", "http_status": "401" }, { "error_id": "INTERNAL_ERROR", "description": "Internal error.", "http_status": "500" } ], "name": "mgmt.remote_authentication", "title": "Remote Authentication API.", "version": "1.0", "schemas": [], "defaultAuthorization": "required", "servicePath": "/api/mgmt.remote_authentication/1.0", "resources": { "Remote authentication": { "methods": { "List all authentication sequences": { "description": "Returns a list of all supported authentication sequences of primary and fallback authentication methods.", "formats": [ "json" ], "httpmethod": "GET", "path": "all_auth_sequences", "authorization_methods": [ "BASIC", "COOKIE", "OAUTH_2_0" ], "response": { "description": "List of all supported authentication sequences along with their unique IDs of primary and fallback authentication methods", "type": "array", "items": { "type": "object", "properties": { "id": { "description": "Unique ID denoting each authentication sequence", "type": "number" }, "authentication_sequence": { "description": "authentication sequence in string format", "type": "string" } }, "required": [ "id", "authentication_sequence" ] }, "id": "GetAllAuthSequences", "example": [ { "id": 1, "authentication_sequence": "Local, RADIUS, TACACS+" }, { "id": 2, "authentication_sequence": "Local, TACACS+, RADIUS" }, { "id": 3, "authentication_sequence": "Local, RADIUS" }, { "id": 4, "authentication_sequence": "Local, TACACS+" }, { "id": 5, "authentication_sequence": "Local only" } ] }, "authorization": "required" }, "Get current authentication sequence": { "description": "Returns currently set authentication sequence of primary and fallback authentication methods.", "formats": [ "json" ], "httpmethod": "GET", "path": "current_auth_sequence", "authorization_methods": [ "BASIC", "COOKIE", "OAUTH_2_0" ], "response": { "description": "Dictionary showing ID and authentication sequenceof ", "type": "object", "properties": { "id": { "description": "Unique ID denoting each authentication sequence", "type": "number" }, "authentication_sequence": { "description": "authentication sequence in string format", "type": "string" } }, "required": [ "id", "authentication_sequence" ], "example": { "id": 1, "authentication_sequence": "Local, RADIUS, TACACS+" } }, "authorization": "required" }, "Set current authentication sequence": { "description": "Sets current authentication sequence.", "formats": [ "json" ], "httpmethod": "POST", "path": "current_auth_sequence", "authorization_methods": [ "BASIC", "COOKIE", "OAUTH_2_0" ], "request": { "description": "ID of the authentication sequence", "type": "object", "properties": { "id": { "type": "number" } }, "required": [ "id" ], "id": "SetCurrentAuthentication", "example": { "id": 1 } }, "authorization": "required" }, "Add radius server": { "description": "Adds new radius server.", "formats": [ "json" ], "httpmethod": "POST", "path": "radius/server", "authorization_methods": [ "BASIC", "COOKIE", "OAUTH_2_0" ], "request": { "description": "Required fields to add a new radius server", "type": "object", "properties": { "address": { "type": "string", "description": "Server IP" }, "port": { "type": "number", "description": "Server Port" }, "secret": { "type": "string", "description": "Secret key" }, "protocol": { "type": "string", "description": "Protocol" }, "enabled": { "type": "boolean" } }, "required": [ "address", "port", "secret", "protocol", "enabled" ], "id": "AddRadiusServer", "example": { "address": "10.70.45.14", "port": 1812, "secret" : "secretKey", "protocol" : "PAP", "enabled" : true } }, "authorization": "required" }, "List all radius servers": { "description": "Returns a list of all radius servers.", "formats": [ "json" ], "httpmethod": "GET", "path": "radius/server", "authorization_methods": [ "BASIC", "COOKIE", "OAUTH_2_0" ], "response": { "description": "List of all radius servers", "type": "array", "items": { "type": "object", "properties": { "server_id": { "type": "number", "description": "Unique ID denoting each radius server" }, "port": { "type": "number", "description": "Server Port" }, "order": { "type": "number", "description": "Index of radius servers in all radius server's order list" }, "address": { "type": "string", "description": "Server IP" }, "protocol": { "type": "string", "description": "Server protocol" }, "secret": { "type": "string", "description": "Secret key passed while adding server, it will be cloaked(instead of text \"*\" will be shown) to reveal it pass \"uncloak\" argument in API's URL" }, "enabled": { "type": "number", "description": "1 denoting to true and 0 to false" } }, "required": [ "server_id", "port", "order", "address", "protocol", "secret", "enabled" ] }, "id": "GetAllRadiusServer", "example": [ { "server_id": 1, "port": 1812, "order": 0, "address": "10.70.45.13", "protocol": "PAP", "secret": "****************", "enabled": 1 }, { "server_id": 2, "port": 1812, "order": 1, "address": "10.70.45.14", "protocol": "PAP", "secret": "****************", "enabled": 1 } ] }, "authorization": "required" }, "Update an existing radius server": { "description": "Updates a radius server having server ID passed in request URL.", "formats": [ "json" ], "httpmethod": "PUT", "path": "radius/server/", "authorization_methods": [ "BASIC", "COOKIE", "OAUTH_2_0" ], "request": { "description": "Required fields to updatea a radius server", "type": "object", "properties": { "address": { "type": "string", "description": "Server IP" }, "port": { "type": "number", "description": "Server Port" }, "secret": { "type": "string", "description": "Secret key" }, "protocol": { "type": "string", "description": "Protocol" }, "enabled": { "type": "boolean" } }, "required": [ "address", "port", "secret", "protocol", "enabled" ], "id": "UpdateRadiusServer", "example": { "address": "10.70.45.14", "port": 1812, "secret" : "secretKey", "protocol" : "PAP", "enabled" : true } }, "authorization": "required" }, "Delete a radius server by ID": { "description": "Deletes a radius server having server ID passed in request URL.", "formats": [ "json" ], "httpmethod": "DELETE", "path": "radius/server/", "authorization_methods": [ "BASIC", "COOKIE", "OAUTH_2_0" ], "authorization": "required" }, "Delete all radius servers": { "description": "Deletes all radius servers.", "formats": [ "json" ], "httpmethod": "DELETE", "path": "radius/server", "authorization_methods": [ "BASIC", "COOKIE", "OAUTH_2_0" ], "authorization": "required" }, "Reorder radius server": { "description": "This method can be used or multiple scenarios, mainly if user wants to change the order of existing servers, in-order to change the order first use GET API to list all radius servers (pass \"uncloak\" argument to reveal secret else it cloaked keys won't work)then change the server in that returned at which ever order you want to have and then pass the same list of servers as body to this request, internally this API will be deleting all existing radius servers and inserting one by one passed in the body .", "formats": [ "json" ], "httpmethod": "POST", "path": "radius/reorder", "authorization_methods": [ "BASIC", "COOKIE", "OAUTH_2_0" ], "request": { "description": "List of radius servers", "type": "array", "items": { "type": "object", "properties": { "port": { "type": "number", "description": "Server Port" }, "address": { "type": "string", "description": "Server IP" }, "protocol": { "type": "string", "description": "Server protocol" }, "secret": { "type": "string", "description": "Secret key" }, "enabled": { "type": "number", "description": "1 denoting to true and 0 to false" } }, "required": [ "port", "address", "protocol", "secret", "enabled" ] }, "id": "ReorderRadiusServers", "example": [ { "server_id": 1, "port": 1812, "order": 0, "address": "10.70.45.13", "protocol": "PAP", "secret": "check", "enabled": 1 }, { "server_id": 2, "port": 1812, "order": 1, "address": "10.70.45.14", "protocol": "PAP", "secret": "test", "enabled": 1 } ] }, "authorization": "required" }, "Get radius server's connection settings": { "description": "Returns connection timeout time in seconds along with max number of tries for any radius server.", "formats": [ "json" ], "httpmethod": "GET", "path": "radius/connection", "authorization_methods": [ "BASIC", "COOKIE", "OAUTH_2_0" ], "response": { "description": "Dictionary showing connection timeout and max number of tries ", "type": "object", "properties": { "connection_timeout": { "description": "connection timeout time in seconds", "type": "number" }, "max_number_of_tries": { "description": "max number of tries", "type": "number" } }, "required": [ "connection_timeout", "max_number_of_tries" ], "id": "GetRadiusConnecctionSettings", "example": { "connection_timeout": 5, "max_number_of_tries": 3 } }, "authorization": "required" }, "Set radius server's connection settings": { "description": "Sets connection timeout time in seconds and max number of tries for any radius server. User needs to pass only the one which needs to be set no need to pass both unless trying to set both", "formats": [ "json" ], "httpmethod": "POST", "path": "radius/connection", "authorization_methods": [ "BASIC", "COOKIE", "OAUTH_2_0" ], "request": { "description": "connection timeout and max number of tries", "type": "object", "properties": { "connection_timeout": { "description": "connection timeout time in seconds", "type": "number" }, "max_number_of_tries": { "description": "max number of tries", "type": "number" } }, "required": [ ], "id": "SetRadiusConnecctionSettings", "example": { "connection_timeout": 5, "max_number_of_tries": 3 } }, "authorization": "required" }, "Get radius roles and s attribute mapping": { "description": "Returns all roles and permissions along with their attribut's ID and attributes value for radius servers.", "formats": [ "json" ], "httpmethod": "GET", "path": "radius/role_mapping", "authorization_methods": [ "BASIC", "COOKIE", "OAUTH_2_0" ], "response": { "description": "List of all roles and permissions along with their attribut's ID and attributes value", "type": "array", "items": { "type": "object", "properties": { "role": { "description": "Name of role or permission", "type": "string" }, "attribute": { "description": "Attribute ID", "type": "number" }, "attribute_value": { "description": "Attribute value", "type": "string" } }, "required": [ "role" ] }, "id": "GetRadiusRoleMapping", "example": [ { "role": "Developer", "attribute": null, "attribute_value": null }, { "role": "Administrator", "attribute": 17164, "attribute_value": "2" }, { "role": "Operator", "attribute": null, "attribute_value": null }, { "role": "Monitor", "attribute": null, "attribute_value": null }, { "role": "Event Viewer", "attribute": null, "attribute_value": null }, { "role": "Dashboard Viewer", "attribute": null, "attribute_value": null }, { "role": "Restricted", "attribute": null, "attribute_value": null }, { "role": "Allow to view active directory user information", "attribute": null, "attribute_value": null }, { "role": "Allow to edit Dashboards", "attribute": null, "attribute_value": null }, { "role": "Allow to view packet details", "attribute": null, "attribute_value": null }, { "role": "Limit Data Resolution to only \"automatic\"", "attribute": null, "attribute_value": null } ] }, "authorization": "required" }, "Set radius roles and s attribute mapping": { "description": "Sets the roles and permissions with attribut's ID and attributes value.", "formats": [ "json" ], "httpmethod": "POST", "path": "radius/role_mapping", "authorization_methods": [ "BASIC", "COOKIE", "OAUTH_2_0" ], "request": { "description": "Required fields to set the roles and permissions with attribut's ID and attributes value", "type": "array", "items": { "type": "object", "properties": { "role": { "description": "Name of role or permission", "type": "string" }, "attribute": { "description": "Attribute ID", "type": "number" }, "attribute_value": { "description": "Attribute value", "type": "string" } }, "required": [ "role", "attribute", "attribute_value" ] }, "id": "SetRadiusRoleMapping", "example": [ { "role": "Administrator", "attribute": 17164, "attribute_value": "2" }, { "role": "Limit Data Resolution to only \"automatic\"", "attribute": 17164, "attribute_value": "7" } ] }, "authorization": "required" }, "Add tacacs server": { "description": "Adds new tacacs server.", "formats": [ "json" ], "httpmethod": "POST", "path": "tacacs/server", "authorization_methods": [ "BASIC", "COOKIE", "OAUTH_2_0" ], "request": { "description": "Required fields to add a new tacacs server", "type": "object", "properties": { "address": { "type": "string", "description": "Server IP" }, "port": { "type": "number", "description": "Server Port" }, "secret": { "type": "string", "description": "Secret key" }, "protocol": { "type": "string", "description": "Protocol" }, "client_port": { "type": "number", "description": "client port" }, "enabled": { "type": "boolean" } }, "required": [ "address", "port", "secret", "protocol", "client_port", "enabled" ], "id": "AddTacacsServer", "example": { "address": "10.70.45.14", "port": 1812, "secret" : "secretKey", "protocol" : "PAP", "client_port": "70", "enabled" : true } }, "authorization": "required" }, "List all tacacs servers": { "description": "Returns a list of all tacacs servers.", "formats": [ "json" ], "httpmethod": "GET", "path": "tacacs/server", "authorization_methods": [ "BASIC", "COOKIE", "OAUTH_2_0" ], "response": { "description": "List of all tacacs servers", "type": "array", "items": { "type": "object", "properties": { "server_id": { "type": "number", "description": "Unique ID denoting each tacacs server" }, "port": { "type": "number", "description": "Server Port" }, "order": { "type": "number", "description": "Index of tacacs servers in all radius server's order list" }, "address": { "type": "string", "description": "Server IP" }, "protocol": { "type": "string", "description": "Server protocol" }, "client_port": { "type": "string", "description": "client port" }, "secret": { "type": "string", "description": "Secret key passed while adding server, it will be cloaked(instead of text \"*\" will be shown) to reveal it pass \"uncloak\" argument in API's URL" }, "enabled": { "type": "number", "description": "1 denoting to true and 0 to false" } }, "required": [ "server_id", "port", "order", "address", "protocol", "client_port", "secret", "enabled" ] }, "id": "GetAllTacacsServer", "example": [ { "server_id": 1, "port": 1812, "order": 0, "address": "10.70.45.13", "protocol": "PAP", "client_port": "8080", "secret": "****************", "enabled": 1 }, { "server_id": 2, "port": 1812, "order": 1, "address": "10.70.45.14", "protocol": "PAP", "client_port": "7000", "secret": "****************", "enabled": 1 } ] }, "authorization": "required" }, "Update an existing tacacs server": { "description": "Updates a tacacs server having server ID passed in request URL.", "formats": [ "json" ], "httpmethod": "PUT", "path": "tacacs/server/", "authorization_methods": [ "BASIC", "COOKIE", "OAUTH_2_0" ], "request": { "description": "Required fields to updatea a tacacs server", "type": "object", "properties": { "address": { "type": "string", "description": "Server IP" }, "port": { "type": "number", "description": "Server Port" }, "secret": { "type": "string", "description": "Secret key" }, "client_port": { "type": "number", "description": "client port" }, "protocol": { "type": "string", "description": "Protocol" }, "enabled": { "type": "boolean" } }, "required": [ "address", "port", "secret", "client_port", "protocol", "enabled" ], "id": "UpdateTacacsServer", "example": { "address": "10.70.45.14", "port": 1812, "secret" : "secretKey", "client_port": 7000, "protocol" : "PAP", "enabled" : true } }, "authorization": "required" }, "Delete a tacacs server by ID": { "description": "Deletes a tacacs server having server ID passed in request URL.", "formats": [ "json" ], "httpmethod": "DELETE", "path": "tacacs/server/", "authorization_methods": [ "BASIC", "COOKIE", "OAUTH_2_0" ], "authorization": "required" }, "Delete all tacacs servers": { "description": "Deletes all radius servers.", "formats": [ "json" ], "httpmethod": "DELETE", "path": "tacacs/server", "authorization_methods": [ "BASIC", "COOKIE", "OAUTH_2_0" ], "authorization": "required" }, "Reorder tacacs server": { "description": "This method can be used or multiple scenarios, mainly if user wants to change the order of existing servers, in-order to change the order first use GET API to list all tacacs servers (pass \"uncloak\" argument to reveal secret else it cloaked keys won't work)then change the server in that returned at which ever order you want to have and then pass the same list of servers as body to this request, internally this API will be deleting all existing tacacs servers and inserting one by one passed in the body .", "formats": [ "json" ], "httpmethod": "POST", "path": "tacacs/reorder", "authorization_methods": [ "BASIC", "COOKIE", "OAUTH_2_0" ], "request": { "description": "List of tacacs servers", "type": "array", "items": { "type": "object", "properties": { "port": { "type": "number", "description": "Server Port" }, "address": { "type": "string", "description": "Server IP" }, "protocol": { "type": "string", "description": "Server protocol" }, "client_port": { "type": "number", "description": "client port" }, "secret": { "type": "string", "description": "Secret key" }, "enabled": { "type": "number", "description": "1 denoting to true and 0 to false" } }, "required": [ "port", "address", "protocol", "client_port", "secret", "enabled" ] }, "id": "ReorderTacacsServers", "example": [ { "server_id": 1, "port": 1812, "order": 0, "address": "10.70.45.13", "protocol": "PAP", "client_port": 710, "secret": "check", "enabled": 1 }, { "server_id": 2, "port": 1812, "order": 1, "address": "10.70.45.14", "protocol": "PAP", "client_port": 700, "secret": "test", "enabled": 1 } ] }, "authorization": "required" }, "Get tacacs server's settings": { "description": "Returns connection timeout time in seconds along with authorization service for any tacacs server.", "formats": [ "json" ], "httpmethod": "GET", "path": "tacacs/settings", "authorization_methods": [ "BASIC", "COOKIE", "OAUTH_2_0" ], "response": { "description": "Dictionary showing connection timeout and auth_service ", "type": "object", "properties": { "connection_timeout": { "description": "connection timeout time in seconds", "type": "number" }, "auth_service": { "description": "authorization service name", "type": "string" } }, "required": [ "connection_timeout", "auth_service" ], "id": "GetTacacsSettings", "example": { "connection_timeout": 5, "auth_service": "serviceName" } }, "authorization": "required" }, "Set tacacs server's settings": { "description": "Sets connection timeout time in seconds and authorization service for any tacacs server. User needs to pass only the one which needs to be set no need to pass both unless trying to set both", "formats": [ "json" ], "httpmethod": "POST", "path": "tacacs/connection", "authorization_methods": [ "BASIC", "COOKIE", "OAUTH_2_0" ], "request": { "description": "connection timeout and authorization service name", "type": "object", "properties": { "connection_timeout": { "description": "connection timeout time in seconds", "type": "number" }, "auth_service": { "description": "authorization service name", "type": "string" } }, "required": [ ], "id": "SetTacacsSettings", "example": { "connection_timeout": 5, "auth_service": "serviceName" } }, "authorization": "required" }, "Get tacacs roles and s attribute mapping": { "description": "Returns all roles and permissions along with their attribut's name and attributes value for tacacs servers.", "formats": [ "json" ], "httpmethod": "GET", "path": "tacacs/role_mapping", "authorization_methods": [ "BASIC", "COOKIE", "OAUTH_2_0" ], "response": { "description": "List of all roles and permissions along with their attribut's name and attributes value", "type": "array", "items": { "type": "object", "properties": { "role": { "description": "Name of role or permission", "type": "string" }, "attribute": { "description": "Attribute name", "type": "string" }, "attribute_value": { "description": "Attribute value", "type": "string" } }, "required": [ "role" ] }, "id": "GetTacacsRoleMapping", "example": [ { "role": "Developer", "attribute": null, "attribute_value": null }, { "role": "Administrator", "attribute": 17164, "attribute_value": "2" }, { "role": "Operator", "attribute": null, "attribute_value": null }, { "role": "Monitor", "attribute": null, "attribute_value": null }, { "role": "Event Viewer", "attribute": null, "attribute_value": null }, { "role": "Dashboard Viewer", "attribute": null, "attribute_value": null }, { "role": "Restricted", "attribute": null, "attribute_value": null }, { "role": "Allow to view active directory user information", "attribute": null, "attribute_value": null }, { "role": "Allow to edit Dashboards", "attribute": null, "attribute_value": null }, { "role": "Allow to view packet details", "attribute": null, "attribute_value": null }, { "role": "Limit Data Resolution to only \"automatic\"", "attribute": null, "attribute_value": null }, { "role": "Traffic Filter", "attribute": null, "attribute_value": null } ] }, "authorization": "required" }, "Set tacacs roles and s attribute mapping": { "description": "Sets the roles and permissions with attribut's ID and attributes value.", "formats": [ "json" ], "httpmethod": "POST", "path": "tacacs/role_mapping", "authorization_methods": [ "BASIC", "COOKIE", "OAUTH_2_0" ], "request": { "description": "Required fields to set the roles and permissions with attribut's name and attributes value", "type": "array", "items": { "type": "object", "properties": { "role": { "description": "Name of role or permission", "type": "string" }, "attribute": { "description": "Attribute name", "type": "string" }, "attribute_value": { "description": "Attribute value", "type": "string" } }, "required": [ "role", "attribute", "attribute_value" ] }, "id": "SetTacacsRoleMapping", "example": [ { "role": "Administrator", "attribute": "cascade", "attribute_value": "2" }, { "role": "Limit Data Resolution to only \"automatic\"", "attribute": "class", "attribute_value": "7" } ] }, "authorization": "required" } } } }, "description": "" }