ERS API Reference
External RESTful Services (ERS) - The primary configuration API for ISE resources.
Overview
| Port | 9060 |
|---|---|
Protocol |
HTTPS |
Authentication |
Basic Auth |
Content Types |
|
Base URL |
|
ERS must be enabled in ISE: |
Setup
# Load credentials
dsource d000 dev/network
# Verify connectivity
curl -sk -u "${ISE_API_USER}:${ISE_API_PASS}" \
-H "Accept: application/json" \
"https://${ISE_PAN_FQDN}:9060/ers/config/endpoint?size=1" | jq '.SearchResult.total'Resources
| Resource | Endpoint | Operations |
|---|---|---|
|
CRUD, Bulk, Search |
|
Network Devices |
|
CRUD, Search |
Endpoint Groups |
|
CRUD |
Identity Groups |
|
Read |
Authorization Profiles |
|
CRUD |
DACLs |
|
CRUD |
Security Groups (SGT) |
|
CRUD |
Profiler Profiles |
|
Read (889 built-in) |
ANC Policies |
|
CRUD, Apply/Clear |
Common Patterns
List All (Paginated)
curl -sk -u "${ISE_API_USER}:${ISE_API_PASS}" \
-H "Accept: application/json" \
"https://${ISE_PAN_FQDN}:9060/ers/config/endpoint?page=1&size=100"Get by ID
curl -sk -u "${ISE_API_USER}:${ISE_API_PASS}" \
-H "Accept: application/json" \
"https://${ISE_PAN_FQDN}:9060/ers/config/endpoint/${ENDPOINT_ID}"Search with Filter
# Filter by MAC
curl -sk -u "${ISE_API_USER}:${ISE_API_PASS}" \
-H "Accept: application/json" \
"https://${ISE_PAN_FQDN}:9060/ers/config/endpoint?filter=mac.EQ.AA:BB:CC:DD:EE:FF"
# Filter operators: EQ, NEQ, CONTAINS, STARTSWITH, ENDSWITHCreate Resource
curl -sk -u "${ISE_API_USER}:${ISE_API_PASS}" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-X POST \
-d '@payload.json' \
"https://${ISE_PAN_FQDN}:9060/ers/config/endpoint"Filter Syntax
| Operator | Syntax | Example |
|---|---|---|
Equals |
|
|
Not Equals |
|
|
Contains |
|
|
Starts With |
|
|
Ends With |
|
|
Multiple filters (AND):
"?filter=mac.STARTSWITH.AA:BB&filter=staticGroupAssignment.EQ.true"Bulk Operations
Bulk Create
curl -sk -u "${ISE_API_USER}:${ISE_API_PASS}" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-X POST \
-d '{
"ERSBulkRequest": {
"operationType": "create",
"resourceMediaType": "application/json",
"resources": [
{"mac": "AA:BB:CC:DD:EE:01", "groupId": "..."},
{"mac": "AA:BB:CC:DD:EE:02", "groupId": "..."}
]
}
}' \
"https://${ISE_PAN_FQDN}:9060/ers/config/endpoint/bulk/submit"Response Structure
{
"SearchResult": {
"total": 1250,
"resources": [
{
"id": "abc-123-def",
"name": "AA:BB:CC:DD:EE:FF",
"link": {
"rel": "self",
"href": "https://ise:9060/ers/config/endpoint/abc-123-def",
"type": "application/json"
}
}
]
}
}{
"ERSResponse": {
"operation": "GET-endpoint",
"messages": [
{
"title": "Resource not found",
"type": "ERROR",
"code": "CRUD operation exception"
}
],
"link": {
"rel": "related",
"href": "https://ise:9060/ers/config/endpoint",
"type": "application/json"
}
}
}netapi CLI Equivalent
Every ERS operation has a netapi CLI equivalent:
| curl | netapi |
|---|---|
|
|
|
|
|
|
|
|