netapi - Network Automation Library

Table of Contents

Key Features
Quick Start
Architecture
ISE API Landscape
Validated APIs
CLI Structure
Documentation
Related Projects

netapi is a composable network automation library following Atomic Design and Zettelkasten principles, enabling infrastructure-as-code patterns for network operations.

Extract reusable primitives from 8+ years of ISE expertise.

Key Features

Feature Description

Feature	Description
Atomic Design	Build complex operations from simple, tested primitives
Capability-First	Organize by what you DO (backup, monitor), not just vendor
Secrets-Aware	Native dsec integration with environment stratification
CA Validation	MITM protection with HOME-ROOT-CA verification
CLI + Library	Use via `netapi` CLI or import as Python library

Atomic Design

Build complex operations from simple, tested primitives

Capability-First

Organize by what you DO (backup, monitor), not just vendor

Secrets-Aware

Native dsec integration with environment stratification

CA Validation

MITM protection with HOME-ROOT-CA verification

CLI + Library

Use via netapi CLI or import as Python library

Quick Start

# 1. Load secrets
eval "$(dsec source d000 dev/network)"

# 2. List active ISE sessions
netapi ise mnt sessions

# 3. Get session as JSON for jq
netapi ise mnt --format json sessions | jq '.[0]'

# 4. DataConnect auth stats
netapi ise dc stats

# 5. ERS endpoint lookup
netapi ise get-endpoint C8:5B:76:C6:59:62

# 6. Scrape Cisco ISE docs
netapi docs ise --version 3.2 --chapters 1

Architecture

The library follows a composable 5-layer stack:

Layer	Name	Components
5	Workflows	multi-vendor-backup, device-inventory, compliance-audit
4	Vendors	Cisco ISE, Cisco IOS/WLC, pfSense, Synology
3	Capabilities	backup, monitoring, provisioning, compliance
2	Protocols	RESTCONF, NETCONF, gNMI, SSH, SNMP
1	Primitives	auth, http, parsers, models, utils

Layer

Name

Components

Workflows

multi-vendor-backup, device-inventory, compliance-audit

Vendors

Cisco ISE, Cisco IOS/WLC, pfSense, Synology

Capabilities

backup, monitoring, provisioning, compliance

Protocols

RESTCONF, NETCONF, gNMI, SSH, SNMP

Primitives

auth, http, parsers, models, utils

ISE API Landscape

Validated APIs

API Format Command Status

API	Format	Command	Status
ERS	JSON	`netapi ise get-endpoint \| jq`	✓ PASS
MnT	TABLE	`netapi ise mnt sessions`	✓ PASS
DataConnect	JSON	`netapi ise dc stats \| jq`	✓ PASS

ERS

JSON

netapi ise get-endpoint | jq

✓ PASS

MnT

TABLE

netapi ise mnt sessions

✓ PASS

DataConnect

JSON

netapi ise dc stats | jq

✓ PASS

CLI Structure

Documentation

Section	Description	Status
Design Philosophy	Atomic composability and Zettelkasten principles	Complete
ISE Integration	ERS, MnT, DataConnect, pxGrid APIs	Complete
CLI Reference	Full command documentation	Complete
Troubleshooting	Common issues and solutions	Complete

Section

Description

Status

Design Philosophy

Atomic composability and Zettelkasten principles

Complete

ISE Integration

ERS, MnT, DataConnect, pxGrid APIs

Complete

CLI Reference

Full command documentation

Complete

Troubleshooting

Common issues and solutions

Complete

Related Projects

Layer Stack - Detailed architecture breakdown
Security - CA validation and mTLS setup