ISE OpenAPI
The modern ISE REST API, documented via OpenAPI/Swagger specification.
Overview
| Base URL | |
| Auth | Basic Auth (admin role) |
| Format | JSON |
| Docs | |
Key Endpoints
| Path | Purpose |
|---|---|
| | Policy sets (main 802.1X policies) |
| | Authorization profiles |
| | ISE deployment nodes |
| | Trusted certificate store |
| | System certificates |
Examples
List Policy Sets
# netapi
netapi ise list-policy-sets
# curl
curl -ks -u "$ISE_USER:$ISE_PASS" \
-H "Accept: application/json" \
"https://$ISE_HOST/api/v1/policy/network-access/policy-set" | jq '.response[]'
Get Policy Rules
# Get policy set ID first
POLICY_ID=$(netapi ise list-policy-sets --format json | jq -r '.[] | select(.name=="Wired_802.1X_Closed") | .id')
# Get authorization rules
curl -ks -u "$ISE_USER:$ISE_PASS" \
"https://$ISE_HOST/api/v1/policy/network-access/policy-set/$POLICY_ID/authorization" | jq
List Certificates
curl -ks -u "$ISE_USER:$ISE_PASS" \
"https://$ISE_HOST/api/v1/certs/trusted-certificate" | \
jq '.response[] | {name: .friendlyName, issuer: .issuedBy, expiry: .expirationDate}'
Deployment Nodes
# netapi
netapi ise deployment nodes
# curl
curl -ks -u "$ISE_USER:$ISE_PASS" \
"https://$ISE_HOST/api/v1/deployment/node" | jq '.response[]'
API Call Helper
For endpoints not wrapped in netapi:
# Generic OpenAPI call via netapi
netapi ise api-call openapi GET '/api/v1/deployment/node'
# With jq filtering
netapi ise api-call openapi GET '/api/v1/certs/trusted-certificate' | \
jq -r '.response[].friendlyName' | grep -i domus
Environment Setup
dsource d000 dev/network
# Or manually
export ISE_HOST="ise-01.inside.domusdigitalis.dev"
export ISE_USER="admin"
export ISE_PASS="<from gopass>"
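The curl calls on this page use `-k`, which turns off TLS certificate verification, and `-u`, which places the admin password in curl's argument list. As an added example (not part of the original page or of netapi), the wrapper below keeps verification on and hands the credentials to curl through a config read from stdin. `ISE_CA_BUNDLE` and the function names are assumptions introduced here.

```shell
#!/usr/bin/env bash
# Added example: hardened wrapper for the GET calls shown on this page.
# Assumed (not from the page): ISE_CA_BUNDLE, a PEM file holding the CA chain
# that signed the ISE admin certificate, and the function names below.

# Escape a value for a double-quoted curl config string (backslash and quote).
_ise_cfg_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Emit a curl config for one GET request. None of it is passed as a curl
# argument, so the password does not appear in `ps` output.
ise_curl_config() {
  local path="$1"
  : "${ISE_HOST:?set ISE_HOST}" "${ISE_USER:?set ISE_USER}" "${ISE_PASS:?set ISE_PASS}"
  : "${ISE_CA_BUNDLE:?set ISE_CA_BUNDLE to the CA chain PEM}"
  case "$path" in
    /api/v1/*) ;;                      # only the OpenAPI prefix used on this page
    *) echo "refusing path: $path" >&2; return 2 ;;
  esac
  printf 'url = "https://%s%s"\n' "$(_ise_cfg_escape "$ISE_HOST")" "$(_ise_cfg_escape "$path")"
  printf 'user = "%s:%s"\n' "$(_ise_cfg_escape "$ISE_USER")" "$(_ise_cfg_escape "$ISE_PASS")"
  printf 'cacert = "%s"\n' "$(_ise_cfg_escape "$ISE_CA_BUNDLE")"
  printf 'header = "Accept: application/json"\n'
  printf 'proto = "=https"\n'          # never fall back to plain HTTP
  printf 'silent\nshow-error\nfail\n'  # non-2xx (e.g. 401) becomes a non-zero exit
}

# Run the request: config on stdin, TLS verification left on (no -k).
ise_get() {
  local cfg
  cfg="$(ise_curl_config "$1")" || return
  printf '%s\n' "$cfg" | curl -K -
}
```

Usage: `ise_get '/api/v1/deployment/node' | jq '.response[]'`.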
Learnings
OpenAPI Gotchas