Cisco SD-WAN Manager JWT Based Authentication for APIs

Table 1. Feature History

Feature Name

Release Information

Description

Cisco SD-WAN Manager JWT Based Authentication for APIs

Cisco Catalyst SD-WAN Manager Release 20.18.1

This feature supports Java Web Token (JWT) based authentication, enabling external applications to access Cisco SD-WAN Manager functionalities. API tokens can be generated within the Cisco SD-WAN Manager and shared with these applications, allowing them to access Cisco SD-WAN Manager through JWT authorization.

Information about Java Web Token Based Authentication

Starting from Cisco Catalyst SD-WAN Manager Release 20.18.1, users can generate API tokens in the form of Java Web Tokens (JWT) within Cisco SD-WAN Manager. These JWT API tokens enable external applications to authenticate and access data based on the user's roles and permissions within the Cisco SD-WAN Manager. Users can generate a JWT that corresponds to their specific permissions, ensuring that external applications can only access authorized data in Cisco SD-WAN Manager.

Token Management

Users can generate, copy, download, and delete JWTs within Cisco SD-WAN Manager. Only one active token is allowed per account, and each token automatically expires after approximately ten years.

Role-Based Access

JWT adhere to the user's role, providing access only to the APIs that the user is authorized to use. For example, a user with access only to configuration groups will have a JWT that grants API access solely to those groups.

Authenticate Using JWT

Here's a workflow illustrating how JWT facilitate secure interaction between Cisco SD-WAN Manager and an external third-party application.

Figure 1. Authenticate Using JWT

Cisco SD-WAN Manager

  1. Generate JWT: The user logs into the Cisco SD-WAN Manager and generates a JWT from their profile.

  2. Copy/Download Token: The user copies or downloads the generated token for use.

External Application

  1. Paste JWT: The user pastes the JWT copied from Cisco SD-WAN Manager into the authorization section of their application.

  2. Send/Receive API Data: The application uses the token to authenticate, makes API requests to Cisco SD-WAN Manager, and receives responses.

Generate JWT in Cisco SD-WAN Manager

  1. From the Cisco SD-WAN Manager menu, under the Admin drop-down list, choose My Profile

  2. Under API Token, click Generate to create a token if no token exists.

    After creating a token, you have the option to copy, download, or delete it as needed.