Policy API Specification
Specification Details
| Property | Value |
|---|---|
| Title | Cisco ISE API - Policy |
| OpenAPI Version | 3.0.3 |
| API Version | 1.0.0 |
| ISE Version | 3.4 |
| Base URL | |
| Authentication | HTTP Basic (ERS Admin credentials) |
| Endpoints | 75 |
API Comparison
| API | Base Path | Port | Purpose |
|---|---|---|---|
| ERS | | 9060 | Configuration objects (endpoints, groups, profiles, dACLs) |
| Policy | | 443 | Policy sets, authentication rules, authorization rules |
Endpoint Categories
Network Access (802.1X/RADIUS)
| Endpoint Pattern | Methods | Description |
|---|---|---|
| | GET, POST | List/create policy sets |
| | GET, PUT, DELETE | Manage specific policy set |
| | GET, POST | Authentication rules |
| | GET, PUT, DELETE | Specific auth rule |
| | GET, POST | Authorization rules |
| | GET, PUT, DELETE | Specific authz rule |
| | GET, POST | Exception rules |
| | GET, POST | Library conditions |
| | GET | Policy dictionaries (attributes) |
| | GET | Available identity stores |
| | GET | TrustSec security groups |
| | GET | Available authz profiles |
| | GET | Allowed protocols services |
Device Administration (TACACS+)
| Endpoint Pattern | Methods | Description |
|---|---|---|
| | GET, POST | TACACS+ policy sets |
| | GET, POST | TACACS+ auth rules |
| | GET, POST | TACACS+ authz rules |
| | GET | Command sets |
| | GET | Shell profiles |
| | GET, POST | TACACS+ conditions |
Full Endpoint List
All 75 Policy API Endpoints
```
# Device Administration (TACACS+)
/api/v1/policy/device-admin/command-sets
/api/v1/policy/device-admin/condition
/api/v1/policy/device-admin/condition/authentication
/api/v1/policy/device-admin/condition/authorization
/api/v1/policy/device-admin/condition/condition-by-name/{conditionName}
/api/v1/policy/device-admin/condition/{conditionId}
/api/v1/policy/device-admin/condition/policyset
/api/v1/policy/device-admin/dictionaries/authentication
/api/v1/policy/device-admin/dictionaries/authorization
/api/v1/policy/device-admin/dictionaries/policyset
/api/v1/policy/device-admin/identity-stores
/api/v1/policy/device-admin/network-condition
/api/v1/policy/device-admin/network-condition/{conditionId}
/api/v1/policy/device-admin/policy-set
/api/v1/policy/device-admin/policy-set/global-exception
/api/v1/policy/device-admin/policy-set/global-exception/reset-hitcount
/api/v1/policy/device-admin/policy-set/global-exception/{ruleId}
/api/v1/policy/device-admin/policy-set/{policyId}
/api/v1/policy/device-admin/policy-set/{policyId}/authentication
/api/v1/policy/device-admin/policy-set/{policyId}/authentication/reset-hitcount
/api/v1/policy/device-admin/policy-set/{policyId}/authentication/{ruleId}
/api/v1/policy/device-admin/policy-set/{policyId}/authorization
/api/v1/policy/device-admin/policy-set/{policyId}/authorization/reset-hitcount
/api/v1/policy/device-admin/policy-set/{policyId}/authorization/{ruleId}
/api/v1/policy/device-admin/policy-set/{policyId}/exception
/api/v1/policy/device-admin/policy-set/{policyId}/exception/reset-hitcount
/api/v1/policy/device-admin/policy-set/{policyId}/exception/{ruleId}
/api/v1/policy/device-admin/policy-set/{policyId}/mfa
/api/v1/policy/device-admin/policy-set/{policyId}/mfa/reset-hitcount
/api/v1/policy/device-admin/policy-set/{policyId}/mfa/{ruleId}
/api/v1/policy/device-admin/policy-set/reset-hitcount
/api/v1/policy/device-admin/service-names
/api/v1/policy/device-admin/shell-profiles
/api/v1/policy/device-admin/time-condition
/api/v1/policy/device-admin/time-condition/{conditionId}
# Network Access (802.1X/RADIUS)
/api/v1/policy/network-access/authorization-profiles
/api/v1/policy/network-access/condition
/api/v1/policy/network-access/condition/authentication
/api/v1/policy/network-access/condition/authorization
/api/v1/policy/network-access/condition/condition-by-name/{conditionName}
/api/v1/policy/network-access/condition/{conditionId}
/api/v1/policy/network-access/condition/policyset
/api/v1/policy/network-access/dictionaries
/api/v1/policy/network-access/dictionaries/authentication
/api/v1/policy/network-access/dictionaries/authorization
/api/v1/policy/network-access/dictionaries/{dictionaryName}/attribute
/api/v1/policy/network-access/dictionaries/{dictionaryName}/attribute/{attributeName}
/api/v1/policy/network-access/dictionaries/{name}
/api/v1/policy/network-access/dictionaries/policyset
/api/v1/policy/network-access/identity-stores
/api/v1/policy/network-access/network-condition
/api/v1/policy/network-access/network-condition/{conditionId}
/api/v1/policy/network-access/policy-set
/api/v1/policy/network-access/policy-set/global-exception
/api/v1/policy/network-access/policy-set/global-exception/reset-hitcount
/api/v1/policy/network-access/policy-set/global-exception/{ruleId}
/api/v1/policy/network-access/policy-set/{policyId}
/api/v1/policy/network-access/policy-set/{policyId}/authentication
/api/v1/policy/network-access/policy-set/{policyId}/authentication/reset-hitcount
/api/v1/policy/network-access/policy-set/{policyId}/authentication/{ruleId}
/api/v1/policy/network-access/policy-set/{policyId}/authorization
/api/v1/policy/network-access/policy-set/{policyId}/authorization/reset-hitcount
/api/v1/policy/network-access/policy-set/{policyId}/authorization/{ruleId}
/api/v1/policy/network-access/policy-set/{policyId}/exception
/api/v1/policy/network-access/policy-set/{policyId}/exception/reset-hitcount
/api/v1/policy/network-access/policy-set/{policyId}/exception/{ruleId}
/api/v1/policy/network-access/policy-set/{policyId}/mfa
/api/v1/policy/network-access/policy-set/{policyId}/mfa/reset-hitcount
/api/v1/policy/network-access/policy-set/{policyId}/mfa/{ruleId}
/api/v1/policy/network-access/policy-set/reset-hitcount
/api/v1/policy/network-access/security-groups
/api/v1/policy/network-access/service-names
/api/v1/policy/network-access/time-condition
/api/v1/policy/network-access/time-condition/{conditionId}
```
Usage with netapi
The Policy API is used by these netapi commands:
| Command | API Endpoint |
|---|---|
| | |
| | |
| | |
| | |
| | |
| | |