Using API in Aruba Central with Postman by Ulises Cázares

 Hi, today I'm gonna show how to interact with the Aruba Central API using postman.

My intention is that you know how to construct the request using headers, parameters and the body of the request.

The first things to start working with the Aruba Central API are: to have administrative access to Aruba Central and to see the API documentation in Aruba Central

To access the Aruba Central API documentation go to Global-Organization-Platform Integration-API Gateway - Rest API

The next page appears and you can access the documentation


 

Once you click there,  you'll be redirected to a page like this. 



Now, let's do 4 thing so you can use the API:

  1. Create the API Application
  2. Login to the device API
  3. Construct a GET request
  4. Construct a POST request


  1. Click in "Add APPs and Tokens" and Aruba Central will create the API Application so you have a client_id, and client_secret which you'll need later. This happens only the first time, following tokens won't create another Application

    1. If you want, you can click "Download Token" and go directly to step 3 and 4 (GET and POST) but I'll show you how to get the access token with https requests.
  1.     Login to the dAruba Central to get the access token (using your Aruaba Central administrative credentials). In order to get the access_token we have to construct 3 requests in the following order.
      1. According to the documentation, for my user accout which is hosted in the US-2 instance, the URL is:  https://apigw-prod2.central.arubanetworks.com/oauth2/authorize/central/api/login
      2. In Postman, construct it like this:
        1.  It's a http POST to the URL
        2. In the body use "username", "password" and "client_id" variables. The client_id is from the previous step. Note.- The variables are case sensitive
      3. If everything is ok we'll get a response like this:
        1. This respone includes2 cookies: csrftoken and session which we'll use in the following requests.
      4. We make another POST to https://apigw-prod2.central.arubanetworks.com/oauth2/authorize/central/api including two Headers using the previously obtained cookies. These Hearders will be Cookie and X-CSRF-Token. The request also requires the "client_id" and the "customer_id". The request mandates for two parameters too, which are "response_type" set to code and "scope" set to read or all. If you don't send these parameters the request will fail. For the client_id, you can obtain it from the application creation and the customer_id is a unique value for every Aruba Central  customer.                                                                        
      5. If everything is ok, we'll get the "auth_code" which will be required in the next request to get the acess_token.                                            
      6. Now we make another POST to https://apigw-prod2.central.arubanetworks.com/oauth2/token including the following: "clinet_id", "client_secret", "grant_type" set to "authorization_code" and "code" using the auth_code value obtained in the previuos step. Note: client_id and customer_id would be obtained from the application page when the app was created.             
      7. If everything is ok, we'll get the access_token which we'll need to make requests.
  2. Construct a GET request.
      1.  According to the documentation, to obtaint the configured Groups URL is:  https://apigw-prod2.central.arubanetworks.com/configuration/v1/groups
        1. It's a GET to the URL
        2. This time we use a Authorization section with the type OAuth2.0 and the access_token as value.
        3. Int his particular request it's mandatory to the de limit and offset values. For this example is 20 and 0.                         
        4. If everything is ok, we'll get something like this:       
  3. Construct a POST request
      1. According to the documentation, to create a Group the URL is:  https://apigw-prod2.central.arubanetworks.com/configuration/v2/groups
      2. It's a POST to the URL
      3. This time we use a Authorization section with the type OAuth2.0 and the access_token as value or we can send it in the param section as access_token and value obtained previously.
      4. Since we're creating something we need more information in the request. In this case, we need at least the following: "group", "group_password", "wireless" and "wired" int he body section.                   
      5. If everythig is ok we'll get something like this:               

 

When you get an error after a GET or a POST review the code of the status, it'll give you a clue or reason of why the method didn't work.


In order to do more things with the switch API, refer to the documentation in Aruba Central (login required)


Hope this helps



Comments

Post a Comment

Popular posts from this blog

Aruba Clearpass - How to configure the Cisco WLC for Guest and MAC Caching by Ulises Cázares

Image
 Hi this is a step by step on how to configure an SSID in a functional Cisco WLC (8.10)  for Guest Authentication and MAC Caching using Aruba Clearpass General Steps (this guide assumes you have correctly configured the Clearpass side) Create an Authentication Server (The secret is the same as the one configured in Clearpass) Create an Accounting Server (The secret is the same as the one configured in Clearpass) Configure the WebAuth login Page (use the configured guets login page in Clearpass) Make sure the Web Auth Certificate points to the virtual IP in the WLC Create the FlexConnect Access List (or IPV4) Make sure WebAuth SecureWeb is enable Configure the SSID with the appropiate settings   1.- Create an Authentication Server 2.- Create an Accounting Server  3.- Configure the WebAuth login Page (in this example is; guest.demo-clearpass.net/cisco_login.php)  Note.- In order to avoid the security warnings in the conencting devices, install the appropiate certificate in Clearpass wit
Read more

Using API in ArubaOS Switches with Postman by Ulises Cázares

Image
 Hi, today I'm gonna show how to interact with the Aruba OS version 16.10 switches API using postman. My intention is that you know how to construct the request using headers, parameters and the body of the request. The first things to start working with the switch API are: to have administrative access to the device and to make sure of the switch version so you can look for the appropiate document. Remember, APIs can change form version to version.  You can use the command: show version. In my case is 16.10 Then you can make a quick search in google like "Aruba switch 16.10 API" to get the document and find out what are the option provided in the API. In the document you will find examples using curl and that's why i'm writting this in postman, so you have options. Now, let's do 4 thing so you can use the API: Make sure the REST interface is enable or enable it Login to the device API Construct a GET request Construct a POST request  Make sure the REST inter
Read more

WiFi - How to know supported channels by a wireless client by Ulises Cázares

Image
 Hi, in this post I would tell you how to be sure which WiFi channels are supported by a wireless client so we can configure wireless solutions that will work with the endpoints in the environment. I normally approach this topic in 2 ways 1. Directly in the wireless client This one is the obvious option but, in my experience, the majority of wireless clients don't show that in any part of the configuration. Because wireless clients are very different and their configurations menus too there's no way to show a "common" path to see the supported channels(if the wireless client shows them)   2.- Use a wireless adapter in monitor mode and wireshark to see an Association Request paquet from the client. In the following images we'll see where in the association request we can see that information.    The fastest way to do it is to follow these steps: Put the wireless adapatar in monitor mode in the AP channel we'are going to connect the wireless client Open wireshar
Read more