Riverbed Open API
Riverbed Open APIs give developers direct access to metrics and configuration controls of Riverbed application performance infrastructure. Built using the Representational State Transfer (REST) framework, Riverbed Open APIs enable you to customize and automate the analysis and resolution of performance issues across your IT infrastructure.
The benefits of this direct access include:
• Scripting, automation, and custom visualization.
• Immediate access to data that can be pushed to other devices or processes throughout the network.
• Simultaneous configuration of thousands of appliances throughout the network stack.
About REST APIs
Application programming interfaces (APIs) allow software developers to write applications that communicate with other systems and services. APIs expose data and metrics from the system or service, as well as configuration options and system status.
REST is an API framework designed for building scalable web services. RESTful APIs use basic HTTP methods (GET, POST, PUT, DELETE, HEAD, INFO, and the full range of return codes) for interacting with a service and generally use JSON or XML for data.
Riverbed REST API Documentation
You can find Riverbed REST API documentation at the following URL:
The documentation is organized by product and the version history of the REST APIs. Each product has several services, and each service includes various resources and types. You can click a service to view a summary of it that includes such information as API version, definition (YML, JSON), links to HTML and PDF documentation, and URL path. The documentation for each service includes a full description of each resource and type within the service.
Accessing Authentication to Riverbed Open API
You can use the REST APIs to check or modify a configuration, for example:
• Manage QoS profiles, rules, and applications.
• Query interface status and update a route.
For all uses you must preconfigure an access code to authenticate communication between parties and to authorize access to protected resources.
The REST API calls are based on the trusted application flow — a scenario where you download and install an application on a host, such as your own laptop. You trust both the application and the security of the host onto which the application is installed.
For example, suppose you install a Python script on a Linux system that queries QoS policies on a SteelHead and prints a summary as text output. You install the script under your home directory and configure the script with credentials to access the SteelHead. Once set up, you can simply log in to the Linux system and run the script. Because you already preconfigured credentials with the SteelHead, you can run the script without any user interaction after logging in. This trusted application flow enables you to schedule execution through cron or chain it with other scripts that process the text data and combine it with other functionality.
The authentication sequence shown in
Figure: REST API Access Authentication Sequence assumes you have already downloaded the Python script and installed it on a Linux system.
REST API Access Authentication Sequence
All access to protected resources requires a valid access token. To obtain an access token, the client must send a POST request with the access code. The SteelHead appliance will issue an access token that is valid for the next one-hour time period and return that token in the body of the POST. If the client script runs for more than an hour, the appliance must generate another access token when the old one expires. An expired token results in an error with HTTP code 401 and error_id AUTH_EXPIRED_TOKEN.
The Authorization HTTP Header is used to pass the token for API authentication. Use the following format:
Authorization: Bearer <Access Token encoded in base64 format>
For example:
Authorization: Bearer eyJhdWQiOiAiaHR0cHM6Ly9nZW4tdnNoNDMubGFiLm5idHRlY2guY29tAifQ==
Enabling REST API access on an appliance
Before an appliance can access the REST API, you must preconfigure an access code for the system to use to authenticate access.
1. Choose Administration > Security > REST API Access to display the REST API Access page.
2. Under REST API Access Settings, select the Enable REST API Access check box.
3. Click Apply to apply your changes to the running configuration.
4. Click Save to save your settings permanently.
5. Choose Administration > Security > REST API Access to display the REST API Access page.
6. Click Add Access Code.
7. Under Access Codes in the Description of Use field, type a description such as the hostname or IP address of the appliance you are using.
8. To create a code, select Generate New Access Code. To use an existing code, select Import Existing Access Code and paste your existing code into the text field below this option.
9. Click Add. The access code description appears in the access code table along with the name of the user who created it.
10. Click the access code description to display the access code.
11. Copy the access code from the text field into a text editor such as Notepad.
12. Paste the access code copied from the Management Console REST API Access page into the configuration file of your external script.
The script uses the access code to make a call to the appliance or system to request an access token. The appliance or system validates the access code and returns an access token for use by the script. Generally, the script keeps the access token for a session only (defined within your script). The script, however, can make many requests using the same access token.
These access tokens have a duration—approximately one hour—which they are valid. When they expire, the access code must fetch a new access token. The script uses the access token to make REST API calls with the appliance or system.