简介
本文档介绍如何使用安全访问API通过卷曲管理目标列表。
先决条件
要求
Cisco 建议您了解以下主题:
使用的组件
本文档中的信息基于以下软件和硬件版本:
本文档中的信息都是基于特定实验室环境中的设备编写的。本文档中使用的所有设备最初均采用原始(默认)配置。如果您的网络处于活动状态,请确保您了解所有命令的潜在影响。
配置
1.创建API密钥
导航到安全访问控制面板。
- 单击
Admin
> Api Keys
> Add
创建API密钥1
创建API密钥2
- 根据需
API Key Name
要Description (Optional)
添Expiry Date
加所需的
创建API密钥3
- 在
Key Scope
下,选择Policies
“扩展策略”
- 选择
Destination Lists
,然后 Destinations
- 如果需要
Scope
,请进行更改,否则请保留为 Read/Write
- 点击
CREATE KEY
创建API密钥4
- 复制
API Key
和,Key Secret
然后单击 ACCEPT AND CLOSE
创建API密钥5
注:复制API密钥的机会只有一个。安全访问不会保存您的API密钥,您无法在初始创建后检索它。
2.生成API访问令牌
要生成API访问令牌,请发出令牌授权请求:
令牌授权请求
使用您为组织创建的安全访问API凭证生成API访问令牌。
- 在curl示例中,替换您的安全访问API密钥和密码
curl --user key:secret --request POST --url https://api.sse.cisco.com/auth/v2/token -H Content-Type: application/x-www-form-urlencoded -d grant_type=client_credentials
注意:安全访问OAuth 2.0访问令牌在一小时(3600秒)后过期。建议不要刷新访问令牌,直到令牌接近过期。
3.管理目标列表
管理目标列表的方法有多种,包括:
获取所有目标列表
打开windows命令提示符或Mac terminal运行命令:
curl -L --location-trusted --request GET --url https://api.sse.cisco.com/policies/v2/destinationlists -H "Authorization: Bearer YourAccessToken" -H "Content-Type: application/json"
示例输出中的代码段:
{"id":23456789,"organizationId":1234567,"access":"none","isGlobal":false,"name":" Test Block list","thirdpartyCategoryId":null,"createdAt":1694070823,"modifiedAt":1702819637,"isMspDefault":false,"markedForDeletion":false,"bundleTypeId":2,"meta":
{"destinationCount":2,"domainCount":2,"urlCount":0,"ipv4Count":0,"applicationCount":0}
记下输出的“id”字段中列出的destinationListId,该字段进一步用于特定于此目标列表的GET、POST或DELETE请求。
获取目标列表中的所有目标
- 使用此
destinationListId
“前述”步骤“获取所有目标列表”获取
打开windows命令提示符或Mac terminal运行命令:
curl -L --location-trusted --request GET --url https://api.sse.cisco.com/policies/v2/destinationlists/destinationListId/destinations -H "Authorization: Bearer YourAccessToken"
输出示例:
{"status":{"code":200,"text":"OK"},"meta":{"page":1,"limit":100,"total":3},"data":
[
{"id":"415214","destination":"cisco.com","type":"domain","comment":null,"createdAt":"2024-02-20 09:15:46"},{"id":"7237895","destination":"www.cisco.com","type":"domain","comment":null,"createdAt":"2024-02-20 10:19:51"},{"id":"29275814","destination":"10.10.10.10","type":"ipv4","comment":null,"createdAt":"2024-02-20 09:15:46"},{"id":"71918495","destination":"www.subdomain.cisco.com/resoucre","type":"url","comment":null,"createdAt":"2024-02-20 10:29:02"}
]}
创建新的目标列表
打开windows命令提示符或Mac terminal运行命令:
curl -L --location-trusted --request POST --url https://api.sse.cisco.com/policies/v2/destinationlists -H "Authorization: Bearer YourAccessToken" -H "Content-Type: application/json" -H "Accept: application/json" -d "{\"access\":\"none\",\"isGlobal\":false,\"name\":\"Destination List Name\"}"
输出示例:
{"id":23456789,"organizationId":1234567,"access":"none","isGlobal":false,"name":"API List 1","thirdpartyCategoryId":null,"createdAt":1708417690,"modifiedAt":1708417690,"isMspDefault":false,"markedForDeletion":false,"bundleTypeId":1,"meta":{"destinationCount":0}}
将目标添加到目标列表
- 使用此
destinationListId
“前述”步骤“获取所有目标列表”获取
打开windows命令提示符或Mac terminal运行命令:
curl -L --location-trusted --request POST --url https://api.sse.cisco.com/policies/v2/destinationlists/{destinationListId}/destinations -H "Authorization: Bearer YourAccessToken" -H "Content-Type: application/json" -d "[{\"destination":"cisco.com\"},{\"destination\":\"10.10.10.10\"},{\"destination\":\"www.subdomain.cisco.com\/resource\"}]"
输出示例:
{"status":{"code":200,"text":"OK"},"data":{"id":17804929,"organizationId":1234567,"access":"none","isGlobal":false,"name":"API List 1","thirdpartyCategoryId":null,"createdAt":1708417690,"modifiedAt":1708420546,"isMspDefault":false,"markedForDeletion":false,"bundleTypeId":1,"meta":
{"destinationCount":3}}}
删除目标列表
- 使用此
destinationListId
“前述”步骤“获取所有目标列表”获取
打开windows命令提示符或Mac terminal运行命令:
curl -L --location-trusted --request DELETE --url https://api.sse.cisco.com/policies/v2/destinationlists/destinationListId -H "Authorization: Bearer YourAccessToken"
输出示例:
{"status":{"code":200,"text":"OK"},"data":[]}
从目标列表中删除目标
打开windows命令提示符或Mac terminal运行命令:
curl -L --location-trusted --request DELETE --url https://api.sse.cisco.com/policies/v2/destinationlists/destinationListId/destinations/remove -H "Authorization: Bearer YourAccessToken" -H "Content-Type: application/json" -H "Accept: application/json" -d "[id1,id2]"
输出示例:
{"status":{"code":200,"text":"OK"},"data":{"id":17804929,"organizationId":1234567,"access":"none","isGlobal":false,"name":"API List 1","thirdpartyCategoryId":null,"createdAt":1708417690,"modifiedAt":1708525645,"isMspDefault":false,"markedForDeletion":false,"bundleTypeId":1,"meta":{"destinationCount":2}}}
故障排除
安全访问API终端使用HTTP响应代码来指示API请求的成败。通常,2xx范围内的代码指示成功,4xx范围内的代码指示由提供的信息导致的错误,而5xx范围内的代码指示服务器错误。解决问题的方法取决于收到的响应代码:
REST API — 响应代码1
REST API — 响应代码2此外,在排除与API相关的错误或问题时,请注意以下速率限制:
相关信息