netapi - Network Automation Library

netapi is a composable network automation library and CLI for interacting with any API — network infrastructure, cloud services, DevOps platforms, or anything with an HTTP endpoint.

23 vendor integrations. 8 auth providers. One consistent interface.

Key Features

Feature Description

Feature	Description
Any API	23 vendor integrations: Cisco ISE, pfSense, GitHub, GitLab, Cloudflare, Keycloak, Vault, Synology, Infoblox, Wazuh, and more
Universal Auth	8 auth providers: Basic, Bearer, API Key, OAuth2, mTLS, RESTCONF, vendor-specific
Atomic Design	Build complex operations from simple, tested primitives across a 5-layer stack
Secrets-Aware	Native dsec integration with Age encryption and environment stratification
CLI + Library	Use via `netapi` CLI or import as Python library

Any API

23 vendor integrations: Cisco ISE, pfSense, GitHub, GitLab, Cloudflare, Keycloak, Vault, Synology, Infoblox, Wazuh, and more

Universal Auth

8 auth providers: Basic, Bearer, API Key, OAuth2, mTLS, RESTCONF, vendor-specific

Atomic Design

Build complex operations from simple, tested primitives across a 5-layer stack

Secrets-Aware

Native dsec integration with Age encryption and environment stratification

CLI + Library

Use via netapi CLI or import as Python library

Quick Start

# Load secrets
dsource d000 dev/network

# ISE: list active sessions
netapi ise mnt sessions

# pfSense: list DNS entries
netapi pfsense dns list

# GitHub: list repos
netapi github repos --org my-org

# Cloudflare: list DNS zones
netapi cloudflare zones

Architecture

The library follows a composable 5-layer stack:

Layer	Name	Components
5	Workflows	multi-vendor-backup, device-inventory, compliance-audit
4	Vendors	Cisco ISE, IOS, WLC, pfSense, GitHub, GitLab, Keycloak, Vault, Synology, +13 more
3	Capabilities	backup, monitoring, provisioning, compliance
2	Protocols	RESTCONF, NETCONF, gNMI, SSH, SNMP
1	Primitives	auth (8 providers), http (retry/backoff), parsers, models, config

Layer

Name

Components

Workflows

multi-vendor-backup, device-inventory, compliance-audit

Vendors

Cisco ISE, IOS, WLC, pfSense, GitHub, GitLab, Keycloak, Vault, Synology, +13 more

Capabilities

backup, monitoring, provisioning, compliance

Protocols

RESTCONF, NETCONF, gNMI, SSH, SNMP

Primitives

auth (8 providers), http (retry/backoff), parsers, models, config

Vendor Coverage

Vendor Auth CLI Client

Vendor	Auth	CLI	Client
Cisco ISE (ERS, MnT, DataConnect, pxGrid, OpenAPI)	Basic, mTLS	`netapi ise`	8 clients
Cisco WLC / IOS	Basic, RESTCONF	`netapi wlc`, `netapi ios`	RESTCONF + SSH
pfSense	API Key	`netapi pfsense`	65+ methods
GitHub / GitLab / Gitea	Bearer (PAT)	`netapi github`, `netapi gitlab`, `netapi gitea`	REST v3/v4
Keycloak	Bearer (OAuth2)	`netapi keycloak`	Admin REST
HashiCorp Vault	Bearer	`netapi vault`	Secrets + PKI
Synology	Session (SID)	`netapi synology`	DSM API
Infoblox	Basic	`netapi infoblox`	WAPI
Cloudflare	Bearer	`netapi cloudflare`	CDN + DNS
Wazuh	Bearer	`netapi wazuh`	SIEM REST

Cisco ISE (ERS, MnT, DataConnect, pxGrid, OpenAPI)

Basic, mTLS

netapi ise

8 clients

Cisco WLC / IOS

Basic, RESTCONF

netapi wlc, netapi ios

RESTCONF + SSH

pfSense

API Key

netapi pfsense

65+ methods

GitHub / GitLab / Gitea

Bearer (PAT)

netapi github, netapi gitlab, netapi gitea

REST v3/v4

Keycloak

Bearer (OAuth2)

netapi keycloak

Admin REST

HashiCorp Vault

Bearer

netapi vault

Secrets + PKI

Synology

Session (SID)

netapi synology

DSM API

Infoblox

Basic

netapi infoblox

WAPI

Cloudflare

Bearer

netapi cloudflare

CDN + DNS

Wazuh

Bearer

netapi wazuh

SIEM REST

Documentation

Section Description

Section	Description
Universal Patterns	Authentication, response handling, resilience, API discovery — patterns that work with any API
CLI Design	Universal `netapi <vendor> <resource> <verb>` grammar
Vendor Definition	Declarative YAML format for adding new API integrations
Integrating Any API	Step-by-step guide: take any API from discovery to automation
CLI Reference	Full command documentation for all 18 vendor CLIs
Troubleshooting	Common issues and solutions

Universal Patterns

Authentication, response handling, resilience, API discovery — patterns that work with any API

CLI Design

Universal netapi <vendor> <resource> <verb> grammar

Vendor Definition

Declarative YAML format for adding new API integrations

Integrating Any API

Step-by-step guide: take any API from discovery to automation

CLI Reference

Full command documentation for all 18 vendor CLIs

Troubleshooting

Common issues and solutions