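Introduction
This document describes how to use the Secure Access API to manage destination lists with curl.
Prerequisites
Requirements
Cisco recommends that you have knowledge of these topics:
Components Used
The information in this document is based on these software and hardware versions:
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
Configure
1. Create an API Key
Navigate to the Secure Access Dashboard.
- Click Admin > Api Keys > Add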
- Add the API Key Name, Description (Optional), and Expiry Date as required.
- Under Key Scope, select Policies, then expand Policies
- Select Destination Lists, then Destinations
- Change the Scope if needed; otherwise keep it as Read/Write
- Click CREATE KEY
- Copy the API Key and the Key Secret, then click ACCEPT AND CLOSE
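Note: You have only one opportunity to copy the API secret. Secure Access does not store your API key, and you cannot retrieve it after it is initially created.
2. Generate an API Access Token
To generate an API access token, make a token authorization request:
Token Authorization Request
Use the Secure Access API credentials that you created for your organization to generate an API access token.
- In the curl sample, substitute your Secure Access API key and secret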
curl --user key:secret --request POST --url https://api.sse.cisco.com/auth/v2/token -H "Content-Type: application/x-www-form-urlencoded" -d "grant_type=client_credentials"
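Note: A Secure Access OAuth 2.0 access token expires after one hour (3600 seconds). It is recommended that you do not refresh the access token until it is close to expiry.
3. Manage Destination Lists
There are multiple ways to manage destination lists, including:
Get All Destination Lists
Open a Windows command prompt or Mac terminal and run the command: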
curl -L --location-trusted --request GET --url https://api.sse.cisco.com/policies/v2/destinationlists -H "Authorization: Bearer YourAccessToken" -H "Content-Type: application/json"
Snippet from the sample output:
{"id":23456789,"organizationId":1234567,"access":"none","isGlobal":false,"name":" Test Block list","thirdpartyCategoryId":null,"createdAt":1694070823,"modifiedAt":1702819637,"isMspDefault":false,"markedForDeletion":false,"bundleTypeId":2,"meta":
{"destinationCount":2,"domainCount":2,"urlCount":0,"ipv4Count":0,"applicationCount":0}
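Note the destinationListId listed under the "id" field of the output. It is used in subsequent GET, POST, or DELETE requests that are specific to this destination list.
Get All Destinations in a Destination List
- Use the destinationListId obtained in the earlier step, Get All Destination Lists
Open a Windows command prompt or Mac terminal and run the command: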
curl -L --location-trusted --request GET --url https://api.sse.cisco.com/policies/v2/destinationlists/destinationListId/destinations -H "Authorization: Bearer YourAccessToken"
Sample output:
{"status":{"code":200,"text":"OK"},"meta":{"page":1,"limit":100,"total":3},"data":
[
{"id":"415214","destination":"cisco.com","type":"domain","comment":null,"createdAt":"2024-02-20 09:15:46"},{"id":"7237895","destination":"www.cisco.com","type":"domain","comment":null,"createdAt":"2024-02-20 10:19:51"},{"id":"29275814","destination":"10.10.10.10","type":"ipv4","comment":null,"createdAt":"2024-02-20 09:15:46"},{"id":"71918495","destination":"www.subdomain.cisco.com/resoucre","type":"url","comment":null,"createdAt":"2024-02-20 10:29:02"}
]}
Create a New Destination List
Open a Windows command prompt or Mac terminal and run the command:
curl -L --location-trusted --request POST --url https://api.sse.cisco.com/policies/v2/destinationlists -H "Authorization: Bearer YourAccessToken" -H "Content-Type: application/json" -H "Accept: application/json" -d "{\"access\":\"none\",\"isGlobal\":false,\"name\":\"Destination List Name\"}"
Sample output:
{"id":23456789,"organizationId":1234567,"access":"none","isGlobal":false,"name":"API List 1","thirdpartyCategoryId":null,"createdAt":1708417690,"modifiedAt":1708417690,"isMspDefault":false,"markedForDeletion":false,"bundleTypeId":1,"meta":{"destinationCount":0}}
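Add Destinations to a Destination List
- Use the destinationListId obtained in the earlier step, Get All Destination Lists
Open a Windows command prompt or Mac terminal and run the command: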
curl -L --location-trusted --request POST --url https://api.sse.cisco.com/policies/v2/destinationlists/{destinationListId}/destinations -H "Authorization: Bearer YourAccessToken" -H "Content-Type: application/json" -d "[{\"destination\":\"cisco.com\"},{\"destination\":\"10.10.10.10\"},{\"destination\":\"www.subdomain.cisco.com\/resource\"}]"
Sample output:
{"status":{"code":200,"text":"OK"},"data":{"id":17804929,"organizationId":1234567,"access":"none","isGlobal":false,"name":"API List 1","thirdpartyCategoryId":null,"createdAt":1708417690,"modifiedAt":1708420546,"isMspDefault":false,"markedForDeletion":false,"bundleTypeId":1,"meta":
{"destinationCount":3}}}
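Hand-escaping JSON inside a quoted curl argument is easy to get wrong, and --user key:secret places the secret on the command line. The script below is an added example, not part of the original document: it builds the destinations body from plain arguments and passes the key, secret and bearer token to curl on standard input. SSE_KEY, SSE_SECRET and LIST_ID are hypothetical variable names, and the access_token field name is assumed from standard OAuth 2.0 token responses.

```shell
#!/bin/sh
# Added example, not from the original document. Needs curl and a POSIX shell.
# SSE_KEY, SSE_SECRET and LIST_ID are hypothetical environment variable names.
API=https://api.sse.cisco.com

# Escape backslashes and double quotes for use inside a JSON string.
json_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Build the "add destinations" request body from plain arguments.
destinations_payload() (
  out="[" sep=""
  for d in "$@"; do
    out="${out}${sep}{\"destination\":\"$(json_escape "$d")\"}"
    sep=","
  done
  printf '%s]' "$out"
)

# Extract access_token from the token response. The field name is the standard
# OAuth 2.0 one (assumption: the document does not show this response).
token_from_response() {
  printf '%s' "$1" |
    sed -n 's/.*"access_token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Request a token. Key and secret reach curl on stdin (--config -), so they
# stay out of the process list and shell history.
get_token() {
  resp=$(printf 'user = "%s:%s"\n' "$SSE_KEY" "$SSE_SECRET" |
    curl --silent --fail --config - --request POST \
      --url "$API/auth/v2/token" \
      -H "Content-Type: application/x-www-form-urlencoded" \
      -d "grant_type=client_credentials") || return 1
  token_from_response "$resp"
}

# Usage: add_destinations TOKEN DEST...  (same redirect flags as the document)
add_destinations() {
  token=$1; shift
  printf 'header = "Authorization: Bearer %s"\n' "$token" |
    curl --silent --fail --config - -L --location-trusted --request POST \
      --url "$API/policies/v2/destinationlists/$LIST_ID/destinations" \
      -H "Content-Type: application/json" -d "$(destinations_payload "$@")"
}

# Example run: t=$(get_token) && add_destinations "$t" cisco.com 10.10.10.10
```

The stdin config form assumes the key, secret and token contain no double quotes or backslashes.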
Delete a Destination List
- Use the destinationListId obtained in the earlier step, Get All Destination Lists
Open a Windows command prompt or Mac terminal and run the command:
curl -L --location-trusted --request DELETE --url https://api.sse.cisco.com/policies/v2/destinationlists/destinationListId -H "Authorization: Bearer YourAccessToken"
Sample output:
{"status":{"code":200,"text":"OK"},"data":[]}
Delete Destinations from a Destination List
Open a Windows command prompt or Mac terminal and run the command:
curl -L --location-trusted --request DELETE --url https://api.sse.cisco.com/policies/v2/destinationlists/destinationListId/destinations/remove -H "Authorization: Bearer YourAccessToken" -H "Content-Type: application/json" -H "Accept: application/json" -d "[id1,id2]"
Sample output:
{"status":{"code":200,"text":"OK"},"data":{"id":17804929,"organizationId":1234567,"access":"none","isGlobal":false,"name":"API List 1","thirdpartyCategoryId":null,"createdAt":1708417690,"modifiedAt":1708525645,"isMspDefault":false,"markedForDeletion":false,"bundleTypeId":1,"meta":{"destinationCount":2}}}
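Troubleshoot
Secure Access API endpoints use HTTP response codes to indicate the success or failure of an API request. In general, codes in the 2xx range indicate success, codes in the 4xx range indicate an error that resulted from the provided information, and codes in the 5xx range indicate server errors. The approach to resolve the issue depends on the response code received: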
[Image: REST API response codes]
In addition, when you troubleshoot API-related errors or issues, these are the rate limits to be aware of:
Related Information