- Overview
- RADIUS Accounting Log
- Using WiMAX in Cisco Prime Access Registrar
- Replication Log
- Using On-Demand Address Pools
- Wireless Support
- Enforcement of Licensing Models
- Logging Syslog Messages
- Troubleshooting Cisco Prime Access Registrar
- Cisco Prime Access Registrar Tcl, REX, and Java Dictionaries
- Environment Dictionary
- RADIUS Attributes
- Support for REST API in Cisco Prime Access Registrar
- Supported Counters and Error Statistics
- Health Monitoring in Cisco Prime Access Registrar
Support for REST API in Cisco Prime Access Registrar
This appendix provides information about the REpresentational State Transfer (REST) APIs supported in Cisco Prime Access Registrar. The purpose of this appendix is to provide a developer, system or network administrator, or system integrator with basic guidelines for using the outlined REST APIs within the Prime Access Registrar deployment.
REST API Framework
REST is a resource-based architectural style to create web services. A resource is an object, which could be a user, address, and so on. Each resource is identified by a Unique Resource Identifier (URI) and is manipulated by representations that pass back and forth between client and server. Representations can be in the form of XML, JSON, Plain, TEXT, or HTML. However, Prime Access Registrar supports only the JSON format.
Table D-1 lists the common operations supported in Prime Access Registrar for REST APIs.
|
|
---|---|
This topic contains the following sections:
- REST API Services
- CoA and PoD REST APIs
- REST API Support for Query and Release Sessions
- Support for RADIUS to JSON and JSON to RADIUS Translation
REST API Services
You can use any client for creating the APIs and must pass the following information as inputs for the APIs:
- Content-Type—application/json
- username—username to access the service
- password—password to access the service
Table D-1 lists the REST APIs used in Prime Access Registrar.
Table D-3 provides a list of other REST APIs used in Prime Access Registrar.
Example for adding a user using REST interface:
Always the JSON input must start with name of the objects while editing sub objects. A sample is given below:
Note REST interface can also be accessed using HTTPS through the 8443 port.
CoA and PoD REST APIs
The Change of Authorization (CoA) and Packet of Disconnect (PoD) API calls allow you to send session reauthentication and session disconnect commands for a specified session.
You can use any client for creating the APIs and must pass the following information as inputs for the APIs:
– For PoD—http://<hostname>:8080/RESTAPI/service/PoD
– For CoA—http://<hostname>:8080/RESTAPI/service/CoA
- Content-Type—application/json
- username—username to access the service
- password—password to access the service
- data—API body with syntax as listed in Table D-4
The following example shows a sample PoD API written using cURL client:
Prime Access Registrar supports basic authentication with Base64 encoding support for username and password.
A sample header on encryption is provided in the example below:
The following example shows a sample CoA API:
Note REST interface can also be accessed using HTTPS through the 8443 port.
We can also send CoA using with-profile option along with the existing parameters using REST API.
The parameters supported for REST API for CoA with-profile option are: with-id, with-user, with-key, with-nas, with-ip-address, with-ipx-network, with-age, with-usr-vpn, with-attribute, with-Home-Agent, and with-IP-Subnet.
|
|
---|---|
"{"parameter":"192.168.0.4","value":"","type”:”with-ip-address"}" |
|
"{"parameter":"Framed-IP-Address","value":"192.168.0.1","type":"with-attribute"}" |
|
Prime Access Registrar supports send-CoA using CLI interface as well. For configuring send-CoA using CLI, see the “query-sessions” section in the “Setting the Cisco Prime Access Registrar Configurable Option” chapter of the Cisco Prime Access Registrar 9.2 Administrator Guide.
REST API Support for Query and Release Sessions
The REST interface allows you to perform the following:
- Query the server about the currently active user sessions
- Release the currently active user sessions
You can request information about those sessions that match a specified filter type, which could be one of the following:
- with-id
- with-user
- with-key
- with-nas
- with-ip-address
- with-ipx-network
- with-age
- with-usr-vpn
- with-attribute
- with-Home-Agent
- with-IP-Subnet
Table D-5 lists the details of REST APIs for query and release session services.
Support for RADIUS to JSON and JSON to RADIUS Translation
Prime Access Registrar allows you to translate incoming radius requests to JSON format and vice versa.
The REST interface is extended to accommodate this functionality. This translation is supported for the following scenarios:
- Authorization
- Accounting (Start/Interim-Update/Stop)
- Change of Authorization/Packet of Disconnect (CoA/PoD)
- Session manager
Note This translation is not supported for authentication.
The following are CLI configurations to support this feature:
CSRF Token Implementation using REST
Prime Access Registrar supports Cross-Site Request Forgery (CSRF) check for enhanced security. A CSRF token is introduced to handle a CSRF request. This is an optional feature and is backward compatible.
1. Enable CSRF Token in RestCSRF.properties under /cisco-ar/apache-tomcat-9.0.31/webapps/RESTAPI/WEB-INF/classes/RestCSRF.properties
Set the value to YES as shown below. Default is NO.
2. Set the timer for the CSRF token in RestCSRF.properties. The token expires based on the timer value. Default time value is 5 mins.
3. Generate CSRF tokens based on the authentication parameters. See the sample command below:
4. You can perform curl operations using the CSRF token. See the sample command below: