### Enable API Service Configuration Source: https://developer.cisco.com/docs/identity-services-engine/v1/index Provides step-by-step instructions for enabling REST API services (ERS and Open API) within the Cisco ISE GUI. Covers enabling services on primary and secondary nodes, and configuring CSRF protection. ```APIDOC Enable API Service: API services are disabled by default. Enable the Cisco ISE REST API feature for applications to access Cisco ISE. Steps: 1. Navigate to Administration > System > Settings > API Settings > API Service Settings. 2. In the 'API Service Settings for Primary Administration Node' area: - Enable ERS (Read/Write) by toggling the ERS button. - Enable Open API (Read/Write) by toggling the Open API button. 3. In the 'API Service Settings for All Other Nodes' area: - Enable ERS (Read) by toggling the ERS button. - Enable Open API (Read) by toggling the Open API button. 4. Configure CSRF Check: - 'Use CSRF Check for Enhanced Security': ERS client must send a GET request to fetch CSRF token and include it in subsequent requests. Valid for clients earlier than Cisco ISE Release 2.3. - 'Disable CSRF for ERS Request': CSRF validation is not performed. Suitable for clients earlier than Cisco ISE Release 2.3. 5. Click 'Save'. ``` -------------------------------- ### Cisco ISE API Categories Overview Source: https://developer.cisco.com/docs/identity-services-engine/v1/index Lists the primary functional categories of APIs available in Cisco Identity Services Engine (ISE) v1, providing a high-level overview of their capabilities. ```APIDOC API Categories: - RADIUS Policy: Manage RADIUS policies, including Authorization Profile, SecurityGroup, IdentityStores, Profiles, Dictionaries, Attributes, Conditions (Library, Network, Time, Date), and Policy Sets (AuthN, Authz, Exception, Global Exception rules). - TACACS+ Policy: Manage TACACS+ Policies, including Command Sets, TACACS Profiles, IdentityStores, ServiceNames, and TACACS-related Dictionary management. Also covers Conditions and Policy Sets. - TrustSec: Manage TrustSec operations like Virtual Networks (VNs), Security Group - Virtual Network mappings (SG-VN mappings), and VN-VLAN mappings. - Task Service: Monitor the status of various tasks executed within Cisco ISE. - Deployment: Configure Cisco ISE nodes and set up the deployment. - Patch and Hot Patch: Perform patch-related operations such as installing, removing, and listing installed patches. Note: Requires primary PAN services to be up. - License: Register, enable, and manage smart licensing. ``` -------------------------------- ### Cisco ISE Open API Overview Source: https://developer.cisco.com/docs/identity-services-engine/v1/index Details the newer Open APIs introduced in Cisco ISE Release 3.1. These APIs are also REST-based over HTTPS and are designed for managing specific ISE functionalities like repositories, configuration backup/restore, certificates, and policies. ```APIDOC Cisco ISE Open APIs (Release 3.1+): - Protocol: HTTPS - Port: 443 - Specification: Swagger UI available at https://*{ise-ip}*/api/swagger-ui/index.html - Managed Functionalities: - Repository Management: Create, retrieve, update, delete repository configurations, list files. - Configuration Data Backup and Restore: Create, cancel, update, restore configurations, list backup status, manage backup schedules. - Certificate Management: Create, retrieve, update, delete system/trusted certificates, create CSRs, export/import certificates. - Policy Management: Manage different types of policies. ``` -------------------------------- ### Cisco ISE API Gateway Management Source: https://developer.cisco.com/docs/identity-services-engine/v1/index Provides API endpoints for managing the Cisco ISE API Gateway configuration. This includes retrieving the current status of the gateway on different nodes and updating which nodes have the gateway enabled. ```APIDOC GET /admin/API/apiGateway/get Description: Retrieves the status of the API Gateway on Cisco ISE nodes. Parameters: None Response: Type: Array of Objects Example: [ { "id": "1234", "hostname": "", "isEnabled": true }, { "id": "5678", "hostname": "", "isEnabled": false } ] POST /admin/API/apiGateway/update Description: Updates the API Gateway configuration for specified Cisco ISE nodes. Request Type: POST Request Body: Type: Array of Objects Example: [ {"hostname": "","isEnabled": "true"}, {"hostname": "","isEnabled": "false"} ] Parameters: hostname: The hostname of the ISE node. isEnabled: Boolean string ('true' or 'false') indicating if the API Gateway should be enabled on the specified node. Response: Typically indicates success or failure of the update operation. ``` -------------------------------- ### Cisco ISE ERS API Overview Source: https://developer.cisco.com/docs/identity-services-engine/v1/index Provides an overview of the External Restful Services (ERS) APIs for Cisco ISE. These APIs are REST-based, use HTTPS, and support basic authentication. They are suitable for integration with various clients like Java, Python, or cURL. ```APIDOC Cisco ISE ERS APIs: - Protocol: HTTPS - Port: 443 (standard), 9060 (alternative) - Authentication: Basic authentication (credentials in request header, encrypted) - TLS Support: TLS 1.1, TLS 1.2, TLS 1.3 (TLS 1.0 not supported for ERS APIs) - Session Idle Timeout: 60 seconds - SDK/Specification: Available at https://*{ise-ip}*/ers/sdk - OpenAPI Specification: Downloadable JSON file from Cisco ISE GUI (Administration > System Settings > API Settings > Overview) - Client Examples: JAVA, cURL, Python ``` -------------------------------- ### Cisco ISE API User Privileges Source: https://developer.cisco.com/docs/identity-services-engine/v1/index Explains the required user privileges for operating on Cisco ISE API services. Users must be mapped to ERS Admin or ERS Operator roles, which dictate their access levels to ERS APIs. ```APIDOC User Privileges for Cisco ISE API Services: - Required Mapping: Internal users or external AD groups must be mapped to ERS Admin or ERS Operator groups. - ERS Admin Role: - Permissions: Full access to all ERS APIs (GET, POST, DELETE, PUT). - Capabilities: Create, read, update, and delete ERS API requests. - ERS Operator Role: - Permissions: Read-only access (GET requests only). - Super Admin Role: - Permissions: Can access all API services. ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.