FeedbackTable Of Contents
External RESTful Services Calls
Invoking an External RESTful Services API Call
Internal User External RESTful Services API Calls
Endpoint External RESTful Services API Calls
Get All Endpoints Sample Request
Get All Endpoints Sample Response
Create Endpoint Sample Request
Create Endpoint Sample Response
Update Endpoint Sample Request
Update Endpoint Sample Response
Delete Endpoint Sample Request
Delete Endpoint Sample Response
Register Endpoint Sample Request
Register Endpoint Sample Response
Deregister Endpoint Sample Request
Deregister Endpoint Sample Response
Endpoint Identity Group External RESTful Services API Calls
Endpoint Identity Groups Schema
Get All Endpoint Identity Groups API Call
Get All Endpoint Identity Groups Sample Request
Get All Endpoint Identity Groups Sample Response
Get Endpoint Identity Group API Call
Get Endpoint Identity Group Sample Request
Get Endpoint Identity Group Sample Response
Create Endpoint Identity Group API Call
Create Endpoint Identity Group Sample Request
Create Endpoint Identity Group Sample Response
Update Endpoint Identity Group API Call
Update Endpoint Identity Group Sample Request
Update Endpoint Identity Group Sample Response
Delete Endpoint Identity Group API Call
Delete Endpoint Identity Group Sample Request
Delete Endpoint Identity Group Sample Response
Profiler Profile External RESTful Services API Calls
Get All Profiles Sample Request
Get All Profiles Sample Response
Create Profiler Profile API Call
Create Profile Sample Response
Identity Group External RESTful Services API Calls
Get All Identity Groups API Call
Get All Identity Groups Sample Request
Get All Identity Groups Sample Response
Get Identity Group Sample Request
Get Identity Group Sample Response
External RESTful Services API Calls for Security Group Tags
Making an External RESTful Services API Call Using GET
Making a GET Request Using POSTMAN
Making an External RESTful Services API Call Using POST
Making a POST Request Using POSTMAN
Making an External RESTful Services API Call Using PUT
Making a PUT Request Using POSTMAN
Making an External RESTful Services API Call Using DELETE
Making a DELETE Request Using POSTMAN
Java External RESTful Services Demo Application
Downloading the Java External RESTful Services Demo Application
External RESTful Services Calls
•
Invoking an External RESTful Services API Call
•
•
•
•
•
•
Invoking an External RESTful Services API Call
You should fulfill the following prerequisites before invoking an External RESTful Services API call:
•
•
You can use any REST client like JAVA, cURL Linux command, python to invoke External RESTful Services API calls.
Related Topics
•
•
GetVersion API Call
The GetVersion API call is common to all available resources: endpoints, internal users, endpoint identity groups, and security group tags (SGTs). It fetches the version information of the required resource.
GetVersion Sample Request
Sample Request for Get Version Internal Users APIMethod:GETURI: https://10.56.13.196:9060/ers/config/internaluser/versioninfoHTTP Accept header:application/vnd.com.cisco.ise.identity.internaluser.1.0+xmlGetVersion Sample Response
HTTP Status: 200 (OK)Content:<?xml version="1.0" encoding="UTF-8" standalone="yes"?><ns2:versionInfo xmlns:ns2="ers.ise.cisco.com"><currentServerVersion>1.0</currentServerVersion><link type="application/xml" href="link" rel="self"/><supportedVersions>0.9,0.8</supportedVersions></ns2:versionInfo>Internal User External RESTful Services API Calls
External RESTful Services API Calls for Internal users support full Create, Read, Update, Delete (CRUD) functionality. The internal user ID used in these API calls is the UUID type stored in the Cisco ISE database.
Internal User Schema
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ns3:internaluser name="name" id="id" description="description" xmlns:ns2="ers.ise.cisco.com" xmlns:ns3="identity.ers.ise.cisco.com">
<changePassword>true</changePassword>
<customAttributes>
<entry>
<key>key2</key>
<value>value3</value>
</entry>
<entry>
<key>key1</key>
<value>value1</value>
</entry>
</customAttributes>
<email>email@domain.com</email>
<enabled>true</enabled>
<firstName>firstName</firstName>
<identityGroups>identityGroups</identityGroups>
<lastName>lastName</lastName>
<password>password</password>
</ns3:internaluser>Get All Users API Call
You use Get All Users API call to retrieve all the internal users in Cisco ISE.
Get All Users Sample Request
Method: GETURI: https://10.56.13.196:9060/ers/config/internaluserHTTP Accept header:application/vnd.com.cisco.ise.identity.internaluser.1.0+xmlRequest Content:N/AGet All Users Sample Response
HTTP Status: 200 (OK)Content:<?xml version="1.0" encoding="UTF-8" standalone="yes"?><ns2:searchResult total="2" xmlns:ns2="ers.ise.cisco.com"><nextPage type="application/xml" href="link-to-next-page" rel="next"/><previousPage type="application/xml" href="link-to-previous-page" rel="previous"/><resources><resource name="name1" id="id1" description="description1"/><resource name="name2" id="id2" description="description2"/></resources></ns2:searchResult>Get User API Call
You use the Get User API call to retrieve an internal user using the user ID.
Get User Sample Request
Method: GETURI: https://10.56.13.196:9060/ers/config/internaluser/{id}HTTP Accept header:application/vnd.com.cisco.ise.identity.internaluser.1.0+xmlRequest Content:N/AGet User Sample Response
HTTP Status: 200 (OK)Content:<?xml version="1.0" encoding="UTF-8" standalone="yes"?><ns3:internaluser name="name" id="id" description="description" xmlns:ns2="ers.ise.cisco.com" xmlns:ns3="identity.ers.ise.cisco.com"><changePassword>true</changePassword><customAttributes><entry><key>key2</key><value>value3</value></entry><entry><key>key1</key><value>value1</value></entry></customAttributes><email>email@domain.com</email><enabled>true</enabled><firstName>firstName</firstName><identityGroups>identityGroups</identityGroups><lastName>lastName</lastName><password>password</password></ns3:internaluser>}Create User API Call
You use the Create User API call to create internal users in Cisco ISE. A password is mandatory for creating an internal user using the External RESTful Services API.
Create User Sample Request
Method: POSTURI: https://10.56.13.196:9060/ers/config/internaluserHTTP Content-Type header:application/vnd.com.cisco.ise.identity.internaluser.1.0+xml; charset=utf-8Request Content:<?xml version="1.0" encoding="UTF-8" standalone="yes"?><ns3:internaluser name="name" id="id" description="description" xmlns:ns2="ers.ise.cisco.com" xmlns:ns3="identity.ers.ise.cisco.com"><changePassword>true</changePassword><customAttributes><entry><key>key2</key><value>value3</value></entry><entry><key>key1</key><value>value1</value></entry></customAttributes><email>email@domain.com</email><enabled>true</enabled><firstName>firstName</firstName><identityGroups>identityGroups</identityGroups><lastName>lastName</lastName><password>password</password></ns3:internaluser>Create User Sample Response
HTTP Status: 201 (Created)Content:N/AUpdate User API Call
You use the Update User API call to update internal users in Cisco ISE. While updating internal users using the External RESTful Services API, if you do not intend to change the existing password, you need not supply the current password. In case you want to change the existing password when you update internal users, you can specify it in plain text.
Update User Sample Request
Method: PUTURI: https://10.56.13.196:9060/ers/config/internaluser/{id}HTTP Content-Type header:application/vnd.com.cisco.ise.identity.internaluser.1.0+xml; charset=utf-8Request Content:<?xml version="1.0" encoding="UTF-8" standalone="yes"?><ns3:internaluser name="name" id="id" description="description" xmlns:ns2="ers.ise.cisco.com" xmlns:ns3="identity.ers.ise.cisco.com"><changePassword>true</changePassword><customAttributes><entry><key>key2</key><value>value3</value></entry><entry><key>key1</key><value>value1</value></entry></customAttributes><email>email@domain.com</email><enabled>true</enabled><firstName>firstName</firstName><identityGroups>identityGroups</identityGroups><lastName>lastName</lastName><password>password</password></ns3:internaluser>Update User Sample Response
HTTP Status: 200 (OK)Content:<?xml version="1.0" encoding="UTF-8" standalone="yes"?><ns2:updatedFields xmlns:ns2="ers.ise.cisco.com"><updatedField field="field1"><newValue>val_new</newValue><oldValue>val_old</oldValue></updatedField><updatedField field="some other field"><newValue>val_new</newValue><oldValue>val_old</oldValue></updatedField></ns2:updatedFields>Delete User API Call
You use the Delete User API call to delete internal users from Cisco ISE.
Delete User Sample Request
Method: DELETEURI: https://10.56.13.196:9060/ers/config/internaluser/{id}HTTP Accept header:application/vnd.com.cisco.ise.identity.internaluser.1.0+xmlRequest Content:N/ADelete User Sample Response
HTTP Status: 204 (No Content)Content:N/AEndpoint External RESTful Services API Calls
The internal user ID used in these API calls is the UUID type stored in the Cisco ISE database.
Note
Endpoint Schema
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ns3:endpoint name="name" id="id" description="description" xmlns:ns2="ers.ise.cisco.com" xmlns:ns3="identity.ers.ise.cisco.com">
<groupId>groupId</groupId>
<identityStore>identityStore</identityStore>
<identityStoreId>identityStoreId</identityStoreId>
<mac>00:01:02:03:04:05</mac>
<portalUser>portalUser</portalUser>
<profileId>profileId</profileId>
<staticGroupAssignment>true</staticGroupAssignment>
<staticProfileAssignment>false</staticProfileAssignment>
</ns3:endpoint>Get All Endpoints API Call
You use the Get All Endpoints API call to retrieve a list of endpoints.
Get All Endpoints Sample Request
Method: GETURI: https://10.56.13.196:9060/ers/config/endpointHTTP Accept header:application/vnd.com.cisco.ise.identity.endpoint.1.0+xmlRequest Content:N/AGet All Endpoints Sample Response
HTTP Status: 200 (OK)Content:<?xml version="1.0" encoding="UTF-8" standalone="yes"?><ns2:searchResult total="2" xmlns:ns2="ers.ise.cisco.com"><nextPage type="application/xml" href="link-to-next-page" rel="next"/><previousPage type="application/xml" href="link-to-previous-page" rel="previous"/><resources><resource name="name1" id="id1" description="description1"/><resource name="name2" id="id2" description="description2"/></resources></ns2:searchResult>
Note
Get Endpoint API Call
You use Get Endpoint API call to retrieve an endpoint using the user ID.
Get Endpoint Sample Request
Method: GETURI: https://10.56.13.196:9060/ers/config/endpoint/{id}HTTP Accept header:application/vnd.com.cisco.ise.identity.endpoint.1.0+xmlRequest Content:N/AGet Endpoint Sample Response
HTTP Status: 200 (OK)Content:<?xml version="1.0" encoding="UTF-8" standalone="yes"?><ns3:endpoint name="name" id="id" description="description" xmlns:ns2="ers.ise.cisco.com" xmlns:ns3="identity.ers.ise.cisco.com"><groupId>groupId</groupId><identityStore>identityStore</identityStore><identityStoreId>identityStoreId</identityStoreId><mac>00:01:02:03:04:05</mac><portalUser>portalUser</portalUser><profileId>profileId</profileId><staticGroupAssignment>true</staticGroupAssignment><staticProfileAssignment>false</staticProfileAssignment></ns3:endpoint>Create Endpoint API Call
You use the Create Endpoint API call to create endpoints in Cisco ISE.
Create Endpoint Sample Request
Method: POSTURI: https://10.56.13.196:9060/ers/config/endpointHTTP Content-Type header:application/vnd.com.cisco.ise.identity.endpoint.1.0+xml; charset=utf-8Request Content:<?xml version="1.0" encoding="UTF-8" standalone="yes"?><ns3:endpoint name="name" id="id" description="description"xmlns:ns2="ers.ise.cisco.com" xmlns:ns3="identity.ers.ise.cisco.com"><groupId>groupId</groupId><identityStore>identityStore</identityStore><identityStoreId>identityStoreId</identityStoreId><mac>00:01:02:03:04:05</mac><portalUser>portalUser</portalUser><profileId>profileId</profileId><staticGroupAssignment>true</staticGroupAssignment><staticProfileAssignment>false</staticProfileAssignment></ns3:endpoint>Create Endpoint Sample Response
HTTP Status: 201 (Created)Content:N/AUpdate Endpoint API Call
You use the Update Endpoint API call to update endpoints in Cisco ISE.
Update Endpoint Sample Request
Method: PUTURI: https://10.56.13.196:9060/ers/config/endpoint/{id}HTTP Content-Type header:application/vnd.com.cisco.ise.identity.endpoint.1.0+xml; charset=utf-8Request Content:<?xml version="1.0" encoding="UTF-8" standalone="yes"?><ns3:endpoint name="name" id="id" description="description" xmlns:ns2="ers.ise.cisco.com" xmlns:ns3="identity.ers.ise.cisco.com"><groupId>groupId</groupId><identityStore>identityStore</identityStore><identityStoreId>identityStoreId</identityStoreId><mac>00:01:02:03:04:05</mac><portalUser>portalUser</portalUser><profileId>profileId</profileId><staticGroupAssignment>true</staticGroupAssignment><staticProfileAssignment>false</staticProfileAssignment></ns3:endpoint>Update Endpoint Sample Response
HTTP Status: 200 (OK)Content:<?xml version="1.0" encoding="UTF-8" standalone="yes"?><ns2:updatedFields xmlns:ns2="ers.ise.cisco.com"><updatedField field="field1"><newValue>val_new</newValue><oldValue>val_old</oldValue></updatedField><updatedField field="some other field"><newValue>val_new</newValue><oldValue>val_old</oldValue></updatedField></ns2:updatedFields>Delete Endpoint API Call
You use the Delete Endpoint API call to delete endpoints in Cisco ISE.
Delete Endpoint Sample Request
Method: DELETEURI: https://10.56.13.196:9060/ers/config/endpoint/{id}HTTP Accept header:application/vnd.com.cisco.ise.identity.endpoint.1.0+xmlRequest Content:N/ADelete Endpoint Sample Response
HTTP Status: 204 (No Content)Content:N/ARegister Endpoint API Call
You use the Register Endpoint API call to register endpoints in Cisco ISE. If the endpoint already exists, it will be registered. If it does not exist, it will be created and then registered. In both scenarios, the return status will be 204, which means no content. Similar to the GUI registration flow, the endpoint is statically assigned to the Registered Devices group and the portal user and identity store will be set as specified in the content.
Register Endpoint Sample Request
Method: PUTURI: https://10.56.13.196:9060/ers/config/endpoint/registerHTTP Content-Type header:application/vnd.com.cisco.ise.identity.endpoint.1.0+xml; charset=utf-8Request Content:<?xml version="1.0" encoding="UTF-8" standalone="yes"?><ns3:endpoint name="name" id="id" description="description" xmlns:ns2="ers.ise.cisco.com" xmlns:ns3="identity.ers.ise.cisco.com"><groupId>groupId</groupId><identityStore>identityStore</identityStore><identityStoreId>identityStoreId</identityStoreId><mac>00:01:02:03:04:05</mac><portalUser>portalUser</portalUser><profileId>profileId</profileId><staticGroupAssignment>true</staticGroupAssignment><staticProfileAssignment>false</staticProfileAssignment></ns3:endpoint>Register Endpoint Sample Response
HTTP Status: nullContent:N/ADeregister Endpoint API Call
You use the Deregister Endpoint API call to deregister endpoints in Cisco ISE.
Deregister Endpoint Sample Request
Method: PUTURI: https://10.56.13.196:9060/ers/config/endpoint/{id}/deregisterHTTP Content-Type header:application/vnd.com.cisco.ise.identity.endpoint.1.0+xml; charset=utf-8Request Content:<?xml version="1.0" encoding="UTF-8" standalone="yes"?><ns3:endpoint name="name" id="id" description="description" xmlns:ns2="ers.ise.cisco.com" xmlns:ns3="identity.ers.ise.cisco.com"><groupId>groupId</groupId><identityStore>identityStore</identityStore><identityStoreId>identityStoreId</identityStoreId><mac>00:01:02:03:04:05</mac><portalUser>portalUser</portalUser><profileId>profileId</profileId><staticGroupAssignment>true</staticGroupAssignment><staticProfileAssignment>false</staticProfileAssignment></ns3:endpoint>Deregister Endpoint Sample Response
HTTP Status: nullContent:N/AEndpoint Identity Group External RESTful Services API Calls
The internal user ID used in these API calls is the UUID type stored in the Cisco ISE database.
Note
Endpoint Identity Groups Schema
Method: GET
URI: https://10.56.13.196:9060/ers/config/endpoint
HTTP Accept header:
application/vnd.com.cisco.ise.identity.endpoint.1.0+xmlGet All Endpoint Identity Groups API Call
You use the Get All Endpoint Identity Groups API call to retrieve a collection of endpoint identity groups.
Get All Endpoint Identity Groups Sample Request
Method: GETURI: https://10.56.13.196:9060/ers/config/endpointgroupHTTP Accept header:application/vnd.com.cisco.ise.identity.endpointgroup.1.0+xmlRequest Content:N/AGet All Endpoint Identity Groups Sample Response
HTTP Status: 200 (OK)Content:<?xml version="1.0" encoding="UTF-8" standalone="yes"?><ns2:searchResult total="2" xmlns:ns2="ers.ise.cisco.com"><nextPage type="application/xml" href="link-to-next-page" rel="next"/><previousPage type="application/xml" href="link-to-previous-page" rel="previous"/><resources><resource name="name1" id="id1" description="description1"/><resource name="name2" id="id2" description="description2"/></resources></ns2:searchResult>
Note
Get Endpoint Identity Group API Call
You use the Get Endpoint Identity Group API call to retrieve the specified endpoint identity group.
Get Endpoint Identity Group Sample Request
Method: GETURI: https://10.56.13.196:9060/ers/config/endpointgroup/{id}HTTP Accept header:application/vnd.com.cisco.ise.identity.endpointgroup.1.0+xmlRequest Content:N/AGet Endpoint Identity Group Sample Response
HTTP Status: 200 (OK)Content:<?xml version="1.0" encoding="UTF-8" standalone="yes"?><ns3:endpointgroup name="name" id="id" description="description" xmlns:ns2="ers.ise.cisco.com" xmlns:ns3="identity.ers.ise.cisco.com"><systemDefined>true</systemDefined></ns3:endpointgroup>}Create Endpoint Identity Group API Call
You use the Create Endpoint Identity Group API call to create a specified endpoint identity group.
:
Create Endpoint Identity Group Sample Request
Method: POSTURI: https://10.56.13.196:9060/ers/config/endpointgroupHTTP Content-Type header:application/vnd.com.cisco.ise.identity.endpointgroup.1.0+xml; charset=utf-8Request Content:<?xml version="1.0" encoding="UTF-8" standalone="yes"?><ns3:endpointgroup name="name" id="id" description="description" xmlns:ns2="ers.ise.cisco.com" xmlns:ns3="identity.ers.ise.cisco.com"><systemDefined>true</systemDefined></ns3:endpointgroup>Create Endpoint Identity Group Sample Response
HTTP Status: 201 (Created)Content:N/AUpdate Endpoint Identity Group API Call
You use the Update Endpoint Identity Group API call to update a specified endpoint group.
Update Endpoint Identity Group Sample Request
Method: PUTURI: https://10.56.13.196:9060/ers/config/endpointgroup/{id}HTTP Content-Type header:application/vnd.com.cisco.ise.identity.endpointgroup.1.0+xml; charset=utf-8Request Content:<?xml version="1.0" encoding="UTF-8" standalone="yes"?><ns3:endpointgroup name="name" id="id" description="description" xmlns:ns2="ers.ise.cisco.com" xmlns:ns3="identity.ers.ise.cisco.com"><systemDefined>true</systemDefined></ns3:endpointgroup>Update Endpoint Identity Group Sample Response
HTTP Status: 200 (OK)Content:<?xml version="1.0" encoding="UTF-8" standalone="yes"?><ns2:updatedFields xmlns:ns2="ers.ise.cisco.com"><updatedField field="field1"><newValue>val_new</newValue><oldValue>val_old</oldValue></updatedField><updatedField field="some other field"><newValue>val_new</newValue><oldValue>val_old</oldValue></updatedField></ns2:updatedFields>}Delete Endpoint Identity Group API Call
You use the Delete Endpoint Identity Group API call to delete a specified endpoint identity group.
Delete Endpoint Identity Group Sample Request
Method: DELETEURI: https://10.56.13.196:9060/ers/config/endpointgroup/{id}HTTP Accept header:application/vnd.com.cisco.ise.identity.endpointgroup.1.0+xmlRequest Content:N/ADelete Endpoint Identity Group Sample Response
HTTP Status: 204 (No Content)Content:N/AProfiler Profile External RESTful Services API Calls
Profiler Profile API calls enable you to search profiles. Profiler profile is the profile the endpoint is classified as or statically assigned to. Profiler Profile is also called profiler policy. The profile Id is an attribute on the endpoint. Endpoints can be filtered by names.
Note
Profiler Profile Schema
Request Content:
N/AGet All Profiles API Call
You use the Get All Profiles API call to retrieve a list of Profiler profiles.
Get All Profiles Sample Request
HTTP Status: 200 (OK)
Content:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ns3:endpoint name="name" id="id" description="description" xmlns:ns2="ers.ise.cisco.com" xmlns:ns3="identity.ers.ise.cisco.com">
<groupId>groupId</groupId>
<identityStore>identityStore</identityStore>Get All Profiles Sample Response
<identityStoreId>identityStoreId</identityStoreId>
<mac>00:01:02:03:04:05</mac>
<portalUser>portalUser</portalUser>
<profileId>profileId</profileId>
<staticGroupAssignment>true</staticGroupAssignment>
<staticProfileAssignment>false</staticProfileAssignment>
</ns3:endpoint>
Method: POST
URI: https://10.56.13.196:9060/ers/config/endpoint
HTTP Content-Type header:
application/vnd.com.cisco.ise.identity.endpoint.1.0+xml; charset=utf-8
Note
Get Profile API Call
You use the Get Profile API call to retrieve a specific profiler profile.
Get Profile Sample Request
Request Content:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ns3:endpoint name="name" id="id" description="description"
xmlns:ns2="ers.ise.cisco.com" xmlns:ns3="identity.ers.ise.cisco.com">
<groupId>groupId</groupId>
<identityStore>identityStore</identityStore>Get Profile Sample Response
<identityStoreId>identityStoreId</identityStoreId>
<mac>00:01:02:03:04:05</mac>
<portalUser>portalUser</portalUser>
<profileId>profileId</profileId>Create Profiler Profile API Call
You use the Create Profile API call to create a profiler profile.
Create Profile Sample Request
<staticGroupAssignment>true</staticGroupAssignment>
<staticProfileAssignment>false</staticProfileAssignment>
</ns3:endpoint>
HTTP Status: 201 (Created)
Content:
N/A
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>Create Profile Sample Response
<ns3:endpointgroup name="name" id="id" description="description" xmlns:ns2="ers.ise.cisco.com" xmlns:ns3="identity.ers.ise.cisco.com">
<systemDefined>true</systemDefined>
</ns3:endpointgroup>Identity Group External RESTful Services API Calls
External RESTful Services Identity Groups API calls enable you to search Identity Groups.
Note
Identity Group Schema
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ns3:profilerprofile name="name" id="id" description="description" xmlns:ns2="ers.ise.cisco.com" xmlns:ns3="identity.ers.ise.cisco.com"/>
Method: GET
URI: https://10.56.13.196:9060/ers/config/profilerprofileGet All Identity Groups API Call
You use the Get All Identity Groups API call to retrieve identity groups by ID in Cisco ISE.
Get All Identity Groups Sample Request
Method: GETURI: https://10.56.13.196:9060/ers/config/identitygroup/{id}HTTP Accept header:application/vnd.com.cisco.ise.identity.identitygroup.1.0+xmlRequest Content:N/AGet All Identity Groups Sample Response
HTTP Accept header:
application/vnd.com.cisco.ise.identity.profilerprofile.1.0+xml
Request Content:
N/A
HTTP Status: 200 (OK)
Content:Get Identity Group API Call
You use the Get Identity Group API call to retrieve a specific identity group in Cisco ISE.
Get Identity Group Sample Request
Method: GETURI: https://10.56.13.196:9060/ers/config/identitygroup/{id}HTTP Accept header:application/vnd.com.cisco.ise.identity.identitygroup.1.0+xmlRequest Content:N/AGet Identity Group Sample Response
HTTP Status: 200 (OK)Content:<?xml version="1.0" encoding="UTF-8" standalone="yes"?><ns3:identitygroup name="name" id="id" description="description" xmlns:ns2="ers.ise.cisco.com" xmlns:ns3="identity.ers.ise.cisco.com"><parent>parent</parent></ns3:identitygroup>External RESTful Services API Calls for Security Group Tags
Security Group Tags (SGT) API calls enable you to search SGTs. The internal user ID used in these API calls is the UUID type stored in the Cisco ISE database.
Note
Get All SGTs API Call
You use the Get All SGTs API call to retrieve a collection of SGT resources.
Get All SGTs Sample Request
Method: GETURI: https://10.56.13.196:9060/ers/config/sgtHTTP Accept header:application/vnd.com.cisco.ise.sga.sgt.1.0+xmlRequest Content:N/AGet All SGTs Sample Response
HTTP Status: 200 (OK)Content:<?xml version="1.0" encoding="UTF-8" standalone="yes"?><ns2:searchResult total="2" xmlns:ns2="ers.ise.cisco.com"><nextPage type="application/xml" href="link-to-next-page" rel="next"/><previousPage type="application/xml" href="link-to-previous-page" rel="previous"/><resources><resource name="name1" id="id1" description="description1"/><resource name="name2" id="id2" description="description2"/></resources></ns2:searchResult>Get SGT API Call
You use the Get SGT API call to retrieve a specific SGT resource.
Get SGT Sample Request
Method: GETURI: https://10.56.13.196:9060/ers/config/sgt/{id}HTTP Accept header:application/vnd.com.cisco.ise.sga.sgt.1.0+xmlRequest Content:N/AGet SGT Sample Response
HTTP Status: 200 (OK)Content:<?xml version="1.0" encoding="UTF-8" standalone="yes"?><ns3:sgt name="name" id="id" description="description" xmlns:ns2="ers.ise.cisco.com" xmlns:ns3="sga.ers.ise.cisco.com"><generationId>generationId</generationId><isTagFromRange>isTagFromRange</isTagFromRange><value>1</value></ns3:sgt>}Using a REST API Client
To build and test applications using the External RESTful Services API, you can use any industry-standard REST API client, such as the POSTMAN plugin for Google Chrome.
Designed according to REST architecture and principles, the POSTMAN Chrome plugin is an easy to use REST client. It allows you to save collections of requests and provides many features that are useful while working in a browser environment and have lightweight specific tasks. You can also use the POStMAN plugin for testing the External RESTful Services APIs.
POSTMAN enables you to send and retrieve standard HTTP and HTTPS requests and responses using the Google Chrome web browser. You can use the following standard HTTP methods to perform CRUD operations on Cisco ISE resources:
•
•
•
•
The External RESTful Services API enables you to use these HTTP requests in various API calls, which in turn enable you to perform operations on Cisco ISE servers. For a comprehensive list of operations in which these HTTP requests are used, see External RESTful Services Calls.
Note
fdmmgilgnpjigdojojpjoooidkmcomcm?hl=en. For more information on using the POSTMAN plugin, go to https://github.com/a85/POSTMan-Chrome-Extension/wiki.
Making an External RESTful Services API Call Using GET
The GET method requests a representation of the specified resource. Requests using GET only retrieve data and do not have any other effect.
You can perform a search operation by sending a GET request to a resource URI. By default, the result is the first page (page index = 0) with default size of 20. By adding a filter, Sort, and paging parameters to the URI, you can control the results of the search operation. The search returns the following result type:
SearchResult: MediaType[MediaType: [application/vnd.com.cisco.ise.ers.searchresult.1.0+xml]
The resulting resources are a collection of base resources that contain the name, id, description, and a link to the full representation of the resource.
Note
The request body of the External RESTful Services API call that uses the GET HTTPS method contains the following three building blocks:
•
URI
The GET method sends the Uniform Resource Identifier (URI) to the Cisco ISE server and the HTTP reply is the raw result data. A typical URI must adhere to the following format:
•
Where <Cisco ISE Server Address> denotes the server address of the Cisco ISE server, <port> denotes port 9060, <namespace> denotes the namespace to which the Cisco ISE resource belongs to, and <Cisco ISE Resource Name> denotes the name of the Cisco ISE resource.
The following example shows a URI that requests data for the interaluser Cisco ISE resource:
•
Note
Accept Header
The Accept header must adhere to the following format:
•
Where <resource-namespace> denotes the namespace to which the Cisco ISE resource belongs to, <resource-type> denotes the type of Cisco ISE resource, <major-version> denotes the major version number of the Cisco ISE deployment, and <minor-version> denotes the minor version number of the deployment.
The following example shows a typical Accept header:
•
Authorization Header
The Authorization header contains the encryption authorization key that is embedded in the GET request. After specifying the authorization credentials, you must generate the encryption key, which is then embedded in the request body.
Note
Making a GET Request Using POSTMAN
Step 1
Step 2
Note
Step 3
Step 4
The URI specifies the Cisco ISE server with which you are trying to communicate and the Cisco ISE resource that you are trying to access. For more information on the format of the URI, see URI.
Step 5
The options that enable you to specify the user access credentials appear.
Step 6
POSTMAN displays an Authorization header with an encryption key.
Step 7
Note
Step 8
The POSTMAN plugin displays a 200 OK status response indicating that the request is successful. The request also returns the details of the resources that you have specified in the URI.
Making an External RESTful Services API Call Using POST
The POST method requests that the server accept the entity enclosed in the request as a new subordinate of the web resource identified by the URI.
You can create a resource by sending a POST request to a resource URI. The request content holds XML representation of the resource, and must be well formatted according to the schema. The request header holds the encrypted authorization and the content-type that defines the resource content and its version.
Note
The request body of the External RESTful Services API call that uses the POST HTTP method contains the following three building blocks:
•
URI
The POST method sends the Uniform Resource Identifier (URI) to the Cisco ISE server. A typical URI must adhere to the following format:
•
Where <Cisco ISE Server Address> denotes the server address of the Cisco ISE server, <port> denotes port 9060, <namespace> denotes the namespace to which the Cisco ISE resource belongs to, and <Cisco ISE Resource Name> denotes the name of the Cisco ISE resource.
The following example shows a URI that requests data for the interaluser Cisco ISE resource:
•
Note
Content-Type Header
The Content-Type header must adhere to the following format:
•
Where <resource-namespace> denotes the namespace to which the Cisco ISE resource belongs to, <resource-type> denotes the type of Cisco ISE resource, <major-version> denotes the major version number of the Cisco ISE deployment, and <minor-version> denotes the minor version number of the deployment.
The following example shows a typical Content-Type header:
•
Authorization Header
The Authorization header contains the encryption authorization key that is embedded in the POST request. After specifying the authorization credentials, you must generate the encryption key, which is then embedded in the request body.
Note
Making a POST Request Using POSTMAN
Step 1
Step 2
Note
Step 3
Step 4
The URI specifies the Cisco ISE server with which you are trying to communicate and the Cisco ISE resource that you are trying to access. For more information on the format of the URI, see URI.
Step 5
The options that enable you to specify the user access credentials appear.
Step 6
POSTMAN displays an Authorization header with an encryption key.
Step 7
Note
Step 8
Step 9
Step 10
Step 11
Note
Step 12
The POSTMAN plugin displays a 201 CREATED status response indicating that the request is successful. You can log on to Cisco ISE to verify whether the resource you added appears in the GUI.
Making an External RESTful Services API Call Using PUT
The PUT method requests that the enclosed entity be stored under the supplied URI. If the URI refers to an already existing resource, it is modified; if the URI does not point to an existing resource, then the server can create the resource with that URI.
You can update a resource by sending a PUT request to a resource URI. The request content holds XML representation of the resource, and must be well formatted according the schema. The request header holds the encrypted authorization and the content-type that defines the resource content and its version.
Note
The request body of the External RESTful Services API call that uses the PUT HTTP method contains the following three building blocks:
•
URI
The PUT method sends the Uniform Resource Identifier (URI) to the Cisco ISE server. A typical URI must adhere to the following format:
•
Where <Cisco ISE Server Address> denotes the server address of the Cisco ISE server, <port> denotes the port 9060, <namespace> denotes the namespace to which Cisco ISE resource belongs to, and <Cisco ISE Resource Name> denotes the name of the Cisco ISE resource.
The following example shows a URI that requests data for the interaluser Cisco ISE resource:
•
Note
Content-Type Header
The Content-Type header must adhere to the following format:
•
Where <resource-namespace> denotes the namespace to which the Cisco ISE resource belongs to, <resource-type> denotes the type of Cisco ISE resource, <major-version> denotes the major version number of the Cisco ISE deployment, and <minor-version> denotes the minor version number of the deployment.
The following example shows a typical Content-Type header:
•
Authorization Header
The Authorization header contains the encryption authorization key that is embedded in the PUT request. After specifying the authorization credentials, you must generate the encryption key, which is then embedded in the request body.
Note
Making a PUT Request Using POSTMAN
Step 1
Step 2
Note
Step 3
Step 4
The URI specifies the Cisco ISE server with which you are trying to communicate and the Cisco ISE resource that you are trying to access. For more information on the format of the URI, see URI.
Step 5
The options that enable you to specify the user access credentials appear.
Step 6
POSTMAN displays an Authorization header with an encryption key.
Step 7
Note
Step 8
Step 9
Step 10
Step 11
Note
Step 12
The POSTMAN plugin displays a 201 CREATED status response indicating that the request is successful. You can log on to Cisco ISE to verify whether the resource you added appears in the GUI.
Making an External RESTful Services API Call Using DELETE
The DELETE method deletes the specified resource.
You can delete a resource by sending a DELETE request to a resource URI. The request header holds the encrypted authorization and the content-type that defines the resource content and its version.
Note
The request body of the External RESTful Services API call that uses the DELETE HTTP method contains the following three building blocks:
•
URI
The DELETE method sends the Uniform Resource Identifier (URI) to the Cisco ISE server. A typical URI must adhere to the following format:
•
Where <Cisco ISE Server Address> denotes the server address of the Cisco ISE server, <port> denotes the port 9060, <namespace> denotes the namespace to which the Cisco ISE resource belongs to, and <Cisco ISE Resource Name> denotes the name of the Cisco ISE resource.
The following example shows a URI that requests data for the interaluser Cisco ISE resource:
•
Note
Accept Header
The Accept header must adhere to the following format:
•
Where <resource-namespace> denotes the namespace to which the Cisco ISE resource belongs to, <resource-type> denotes the type of Cisco ISE resource, <major-version> denotes the major version number of the Cisco ISE deployment, and <minor-version> denotes the minor version number of the deployment.
The following example shows a typical accept header:
•
Authorization Header
The Authorization header contains the encryption authorization key that is embedded in the DELETE request. After specifying the authorization credentials, you must generate the encryption key, which is then embedded in the request body.
Note
Making a DELETE Request Using POSTMAN
Step 1
Step 2
Note
Step 3
Step 4
The URI specifies the Cisco ISE server with which you are trying to communicate and the Cisco ISE resource that you are trying to access. For more information on the format of the URI, see URI.
Step 5
The options that enable you to specify the user access credentials appear.
Step 6
POSTMAN displays an Authorization header with an encryption key.
Step 7
Note
Step 8
The POSTMAN plugin displays a 200 OK status response indicating that the request is successful. You can log on to Cisco ISE to verify whether the resource you added appears in the GUI.
Java External RESTful Services Demo Application
The External RESTful Services Java Demo application is a simple External RESTful Services client code that uses the External RESTful Services API calls to configure internal users and endpoints. The main Cisco ISE dependency for this Java client code is the ers-schema.jar file. The Java Demo application consists of a generic HTTP client that is based on the Apache DefaultHttpClient and two main classes. These classes execute REST calls in a sequential order.
The source code and the required libraries are available for your reference in the demo application zip file. You can download the Java External RESTful Services Demo application and the ers-schema.jar file from the External RESTful Services Online SDK.
Related Topics
•
Downloading the Java External RESTful Services Demo Application
Step 1
Step 2
Step 3
Step 4
Step 5
The ers-schema-1.0-892.jar file is downloaded to your local machine.
Step 6
The ers-demo-app.zip file is downloaded to your local machine.
After you Finish
Note
