Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Clearpass API Read/Write Device Groups

This thread has been viewed 9 times

  • 1.  Clearpass API Read/Write Device Groups

    Posted Feb 16, 2017 01:14 PM

    I'm looking for the correct syntax to read the contents of a Clearpass Device Group as well as add a member to an existing group via the API. I have successfully setup API calls to read and write endpoints, but I'm not sure the syntax for Device Groups. Thanks!



  • 2.  RE: Clearpass API Read/Write Device Groups

    EMPLOYEE
    Posted Feb 16, 2017 01:37 PM

    Get all device groups:

    GET https://{{ClearPass-Base-URL}}/api/network-device-group

     

    Get single device group:

    GET https://{{ClearPass-Base-URL}}/api/network-device-group/{{device-group-id}}

     

    Add device to device group:

    PATCH https://{{ClearPass-Base-URL}}/api/network-device-group/{{device-group-id}}

     

    {
    "value": "100.81.0.11"
    }

     

    NOTE. This will override the field, so if you are adding a value, you need suck in the old values, and append the new one.

     



  • 3.  RE: Clearpass API Read/Write Device Groups

    Posted Feb 16, 2017 02:06 PM

    Thank you - that pointed me in the right direction. The API URL is actually https://{clearpass-server}/tipsapi/config/read/NadGroup.

     

    I was then able to build the XML and apply a filter criteria to get the specific groups I need. Should be relatively simple to build the XML to append to that list and write back to Clearpass. Thanks!



  • 4.  RE: Clearpass API Read/Write Device Groups

    EMPLOYEE
    Posted Feb 16, 2017 02:16 PM

    That's the legacy SOAP API. You should use the new RESTful API which is what I posted.



  • 5.  RE: Clearpass API Read/Write Device Groups

    Posted Feb 16, 2017 02:21 PM

    Ok, thanks - hadn't realized the API was updated.

     

    Can you point me in the direction of documentation? I tried the URL you sent and it did not work - is there a minimum version for REST API support?



  • 6.  RE: Clearpass API Read/Write Device Groups

    EMPLOYEE
    Posted Feb 16, 2017 02:23 PM

    API explorer lives at /api-docs

     

    High-level doc here: https://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/Command/Core_Download/Default.aspx?EntryId=22490



  • 7.  RE: Clearpass API Read/Write Device Groups

    Posted Feb 16, 2017 02:26 PM

    Thanks again, Tim - I'm getting 403 forbidden errors attemptin to just use the API explorer. Shouldn't the base HTTP authentication work for this purpose?



  • 8.  RE: Clearpass API Read/Write Device Groups

    EMPLOYEE
    Posted Feb 16, 2017 02:29 PM
    Are you using a browser? It will redirect you to login.


  • 9.  RE: Clearpass API Read/Write Device Groups

    Posted Feb 16, 2017 02:31 PM

    Yes - the redirect occurred and I logged in, but now I'm getting 403 errors using the API explorer. I encountered this issue in the past which had me resorting to the SOAP API.



  • 10.  RE: Clearpass API Read/Write Device Groups

    EMPLOYEE
    Posted Feb 16, 2017 02:32 PM
    Screenshot please.


  • 11.  RE: Clearpass API Read/Write Device Groups

    EMPLOYEE
    Posted Feb 16, 2017 02:32 PM
    Screenshot please.


  • 12.  RE: Clearpass API Read/Write Device Groups

    Posted Feb 16, 2017 02:39 PM

    Untitled-1.jpg

    Screenshot of the API explorer above. When I navigate to /api-docs, I'm redirected to Clearpass Guest to login, which is successful and then I'm redirected back to the /api-docs URL where I select NetworkDeviceGroup and try the GET method. Screenshot it the result.



  • 13.  RE: Clearpass API Read/Write Device Groups

    EMPLOYEE
    Posted Feb 16, 2017 02:44 PM
    Did you create an API client and access token? Take a look at that doc. It
    goes over everything.


  • 14.  RE: Clearpass API Read/Write Device Groups

    EMPLOYEE
    Posted Feb 16, 2017 02:44 PM
    Did you create an API client and access token? Take a look at that doc. It
    goes over everything.