netapi: Architecture & Vendors

1. Architecture

1.1. Atomic Design Layer Stack

netapi/
+-- primitives/    # Atomic building blocks (auth, http, parsers)
+-- protocols/     # Network protocols (RESTCONF, NETCONF, gNMI, SSH)
+-- capabilities/  # Cross-vendor operations (backup, monitoring)
+-- vendors/       # Vendor-specific implementations
+-- workflows/     # Orchestrated multi-step operations
+-- cli/           # Typer CLI interface

1.2. Technology Stack

Layer Technology Rationale

Language

Python 3.11+

Fastest prototyping, richest network automation ecosystem (netmiko, ncclient, scrapli)

CLI Framework

Typer

Modern Python CLI with type hints, auto-generated help, rich output

HTTP

httpx / requests

Async-capable, connection pooling, TLS configuration

Credential Management

dsec integration

Loads from gopass/Vault via dsource — no hardcoded credentials

Error Handling

Unified exception hierarchy

NetapiError base class with NetapiAuthError, NetapiConnectionError, NetapiTimeoutError, etc.

Distribution

pip extras

Modular installs: pip install netapi[ise], pip install netapi[all]

1.3. dsec Integration

netapi loads credentials from the dsec secrets system, never from config files or environment variables directly.

from netapi.vendors.cisco.ise import ERSClient

# Automatically loads from dsource d000 dev/network
client = ERSClient.from_dsec('home.lab.ise.primary')

2. Supported Vendors

Vendor APIs Status

Cisco ISE

ERS, OpenAPI, MnT, pxGrid, DataConnect

Full

Cisco WLC 9800

RESTCONF

Full

Cisco IOS-XE

RESTCONF, SSH

Full

Cisco FMC

REST

Full

Cisco DNAC/Catalyst Center

REST

Full

pfSense

REST v2

Full

Synology

DSM API

Full

Infoblox

WAPI

Full

Keycloak

Admin REST

Full

HashiCorp Vault

REST

Full

GitHub

REST v3

Full

GitLab

REST v4

Full

Gitea

REST

Full

KVM/libvirt

SSH

Full

Wazuh

REST

Full

Cloudflare

REST

Full

Monad/Splunk

REST

Full

Microsoft DNS

PowerShell

Basic

2.1. Optional Dependencies

Extra Includes

cisco

netmiko, ncclient, scrapli, napalm

ise

ciscoisesdk, oracledb (DataConnect)

async

aiohttp, asyncssh

nornir

nornir, nornir-netmiko, nornir-napalm

parsing

textfsm, ntc-templates, ttp

data

pandas, openpyxl, jmespath

github

pure Python

gitlab

pure Python

gitea

pure Python

monad

pure Python (Splunk)

vault

hvac (HashiCorp Vault)
genie/pyats removed from parsing due to unfixed CVEs. Install separately if needed.