API Exploration Hub

Sister workspace to domus-netapi-docs. This is the workshop - raw exploration, testing, patterns, and learnings.

Philosophy

Explore first, document second, automate last.

Vendor Coverage

System	APIs	Status	netapi Support
Cisco ISE	ERS, OpenAPI, MnT, DataConnect, pxGrid	Active	Full
HashiCorp Vault	Secrets, PKI, SSH CA, Auth, Audit	Active	Partial
pfSense	REST API (pfrest)	Active	Full
Cisco WLC 9800	RESTCONF, CLI-over-SSH	Active	Partial
Synology DSM	Core API, FileStation, PhotoStation	Active	Partial
Keycloak	Admin REST, OIDC, SAML	Planned	None
OpenAI/LLM	Chat, Embeddings, Assistants, Ollama	Exploring	N/A

System

APIs

Status

netapi Support

Cisco ISE

ERS, OpenAPI, MnT, DataConnect, pxGrid

Active

Full

HashiCorp Vault

Secrets, PKI, SSH CA, Auth, Audit

Active

Partial

pfSense

REST API (pfrest)

Active

Full

Cisco WLC 9800

RESTCONF, CLI-over-SSH

Active

Partial

Synology DSM

Core API, FileStation, PhotoStation

Active

Partial

Keycloak

Admin REST, OIDC, SAML

Planned

None

OpenAI/LLM

Chat, Embeddings, Assistants, Ollama

Exploring

N/A

ISE API Deep Dive

ISE has 5 distinct APIs - each with different purposes:

API	Purpose	Best For
ERS	External RESTful Services - CRUD for identity/policy objects	Endpoints, groups, profiles, dACLs, network devices
OpenAPI	Modern REST - policy management, deployment	Policy sets, rules, conditions, node management
MnT	Monitoring & Troubleshooting - sessions, CoA	Active sessions, reauthentication, disconnect
DataConnect	JDBC/ODBC - SQL queries against ISE database	Historical data, reports, analytics, trends
pxGrid	Pub/sub - real-time events, context sharing	Session events, ANC actions, threat response

API

Purpose

Best For

ERS

External RESTful Services - CRUD for identity/policy objects

Endpoints, groups, profiles, dACLs, network devices

OpenAPI

Modern REST - policy management, deployment

Policy sets, rules, conditions, node management

MnT

Monitoring & Troubleshooting - sessions, CoA

Active sessions, reauthentication, disconnect

DataConnect

JDBC/ODBC - SQL queries against ISE database

Historical data, reports, analytics, trends

pxGrid

Pub/sub - real-time events, context sharing

Session events, ANC actions, threat response

Infrastructure Endpoints

Quick reference for API base URLs (all attributes from antora.yml):

System Base URL Port

System	Base URL	Port
ISE ERS	`https://ise-01.inside.domusdigitalis.dev:9060/ers/config/`	9060
ISE OpenAPI	`https://ise-01.inside.domusdigitalis.dev/api/v1/`	443
ISE MnT	`https://ise-01.inside.domusdigitalis.dev/admin/API/mnt/`	443
ISE DataConnect	JDBC: `ise-01.inside.domusdigitalis.dev:2484`	2484
ISE pxGrid	`https://ise-01.inside.domusdigitalis.dev:8910/`	8910
Vault	`https://vault-01.inside.domusdigitalis.dev:8200/v1/`	8200
pfSense	`https://pfsense-01.inside.domusdigitalis.dev/api/v2/`	443
WLC	`https://wlc-01.inside.domusdigitalis.dev/restconf/data/`	443
Synology	`https://nas-01.inside.domusdigitalis.dev:5001/webapi/`	5001
Keycloak	`https://keycloak-01.inside.domusdigitalis.dev/admin/realms/`	443

ISE ERS

https://ise-01.inside.domusdigitalis.dev:9060/ers/config/

9060

ISE OpenAPI

https://ise-01.inside.domusdigitalis.dev/api/v1/

443

ISE MnT

https://ise-01.inside.domusdigitalis.dev/admin/API/mnt/

443

ISE DataConnect

JDBC: ise-01.inside.domusdigitalis.dev:2484

2484

ISE pxGrid

https://ise-01.inside.domusdigitalis.dev:8910/

8910

Vault

https://vault-01.inside.domusdigitalis.dev:8200/v1/

8200

pfSense

https://pfsense-01.inside.domusdigitalis.dev/api/v2/

443

WLC

https://wlc-01.inside.domusdigitalis.dev/restconf/data/

443

Synology

https://nas-01.inside.domusdigitalis.dev:5001/webapi/

5001

Keycloak

https://keycloak-01.inside.domusdigitalis.dev/admin/realms/

443

Patterns Library

Reusable patterns across all APIs:

Authentication Methods - Basic, Bearer, mTLS, OAuth2, API keys
Pagination - Offset, cursor, link-based
Error Handling - HTTP codes, retry logic, backoff
curl → Python - Translation patterns
jq Transforms - Common JSON manipulations

Workflow

1. Explore    → curl/netapi in terminal, observe responses
2. Document   → Add to examples/api/{vendor}/
3. Pattern    → Extract reusable patterns
4. Graduate   → Move production-ready to domus-netapi-docs

Quick Reference

ISE Operations

# netapi
netapi ise ers endpoints

# curl
curl -ks -u "$ISE_USER:$ISE_PASS" \
  -H "Accept: application/json" \
  "https://$ISE_HOST:9060/ers/config/endpoint" | jq '.SearchResult.resources'

Vault Operations

# CLI
vault kv get kv/infrastructure/ise

# curl
curl -ks -H "X-Vault-Token: $VAULT_TOKEN" \
  "$VAULT_ADDR/v1/kv/data/infrastructure/ise" | jq '.data.data'

pfSense Operations

# netapi
netapi pfsense dns list

# curl
curl -ks -H "Authorization: Bearer $PFSENSE_TOKEN" \
  "https://$PFSENSE_HOST/api/v2/services/unbound/host_overrides" | jq