OpenAPI v1 :: Domus Digitalis

Overview

OpenAPI v1 provides access to ISE policy engine and certificate management. It’s the modern API for policy configuration (vs ERS for identity objects).

Category	Endpoints	Count
Policy	Policy sets, auth rules, authz rules, conditions	74
Endpoint	Bulk operations, rejected endpoints	7
Certificates	System certs, trusted certs, CSR	16
Custom Attributes	Endpoint custom attributes	3
Total		100

Base Configuration

Base URL

ise-01.inside.domusdigitalis.dev/api/v1

Port

443 (HTTPS)

Auth

Basic Authentication

Content-Type

application/json

Swagger UI

ise-01.inside.domusdigitalis.dev/api/swagger-ui/

Authentication

Same as ERS - Basic Auth with ERS Admin role.

dsource d000 dev/network
curl -sk -u "${ISE_API_USER}:${ISE_API_PASS}" \
  "https://${ISE_PAN_IP}/api/v1/policy/network-access/policy-set" \
  -H "Accept: application/json"

Response Format

OpenAPI responses use .response (not .SearchResult):

{
  "response": [
    {
      "id": "abc123",
      "name": "Policy Set Name",
      ...
    }
  ],
  "version": "1.0.0"
}

API Categories

Policy API (74 endpoints)

Primary API for network access policies.

Endpoint API (7 endpoints)

# Get rejected endpoints
curl -sk -u "${ISE_AUTH}" \
  "https://${ISE_PAN_IP}/api/v1/endpoint/rejected" \
  -H "Accept: application/json"

# Bulk endpoint operations
curl -sk -u "${ISE_AUTH}" \
  "https://${ISE_PAN_IP}/api/v1/endpoint/bulk" \
  -H "Content-Type: application/json" \
  -X POST -d @endpoints.json

Certificates API (16 endpoints)

# List trusted certificates
curl -sk -u "${ISE_AUTH}" \
  "https://${ISE_PAN_IP}/api/v1/certs/trusted-certificate" \
  -H "Accept: application/json" | jq '.response[].friendlyName'

# List system certificates
curl -sk -u "${ISE_AUTH}" \
  "https://${ISE_PAN_IP}/api/v1/certs/system-certificate/${NODE_ID}" \
  -H "Accept: application/json"

# Generate CSR
curl -sk -u "${ISE_AUTH}" \
  "https://${ISE_PAN_IP}/api/v1/certs/certificate-signing-request" \
  -H "Content-Type: application/json" \
  -X POST -d '{
    "allowWildCardCert": false,
    "commonName": "ise-01.example.com",
    ...
  }'

Custom Attributes API (3 endpoints)

# List custom attributes
curl -sk -u "${ISE_AUTH}" \
  "https://${ISE_PAN_IP}/api/v1/endpoint-custom-attribute" \
  -H "Accept: application/json"

OpenAPI vs ERS

Feature	OpenAPI	ERS
Policy Sets	Yes (full CRUD)	Read-only
Auth/Authz Rules	Yes	No
Conditions	Yes	No
Endpoints	Bulk only	Full CRUD
Network Devices	No	Yes
Identity Groups	No	Yes
Certificates	Yes	No

Feature

OpenAPI

ERS

Policy Sets

Yes (full CRUD)

Read-only

Auth/Authz Rules

Yes

No

Conditions

Yes

No

Endpoints

Bulk only

Full CRUD

Network Devices

No

Yes

Identity Groups

No

Yes

Certificates

Yes

No

OpenAPI v1