ISE API Overview :: Domus Digitalis

API Landscape

Cisco ISE exposes multiple APIs, each serving different use cases:

API Comparison

API	Port	Use Case	Auth	Status
ERS	9060	CRUD operations (endpoints, groups, devices)	Basic	✓ Implemented
OpenAPI	443	Modern REST API v1	OAuth2/Basic	Planned
MnT	443	Session queries, monitoring	Basic	✓ Implemented
pxGrid	8910	Real-time events (pub/sub)	Certificate	Planned
DataConnect	2484	SQL queries (Oracle)	Oracle	✓ Implemented

API

Port

Use Case

Auth

Status

ERS

9060

CRUD operations (endpoints, groups, devices)

Basic

✓ Implemented

OpenAPI

443

Modern REST API v1

OAuth2/Basic

Planned

MnT

443

Session queries, monitoring

Basic

✓ Implemented

pxGrid

8910

Real-time events (pub/sub)

Certificate

Planned

DataConnect

2484

SQL queries (Oracle)

Oracle

✓ Implemented

When to Use Each API

ERS (External RESTful Services)

Best for:

Creating/updating endpoints
Managing network devices
Identity group management
Authorization profiles

netapi ise get-endpoint C8:5B:76:C6:59:62

MnT (Monitoring & Troubleshooting)

Best for:

Active session queries
Authentication history
Real-time monitoring

netapi ise mnt sessions
netapi ise mnt session C8:5B:76:C6:59:62

DataConnect

Best for:

Complex SQL analytics
Historical reporting
Bulk data export

netapi ise dc stats

Authentication Methods

Method	APIs	Notes
Basic Auth	ERS, MnT, OpenAPI	Base64(username:password)
Certificate (mTLS)	pxGrid	Client certificate required
Oracle Auth	DataConnect	Separate Oracle credentials

Method

APIs

Notes

Basic Auth

ERS, MnT, OpenAPI

Base64(username:password)

Certificate (mTLS)

pxGrid

Client certificate required

Oracle Auth

DataConnect

Separate Oracle credentials