Security

Reply
Occasional Contributor II
Posts: 38
Registered: ‎04-22-2016

Clearpass API Read/Write Device Groups

I'm looking for the correct syntax to read the contents of a Clearpass Device Group as well as add a member to an existing group via the API. I have successfully setup API calls to read and write endpoints, but I'm not sure the syntax for Device Groups. Thanks!

Guru Elite
Posts: 8,637
Registered: ‎09-08-2010

Re: Clearpass API Read/Write Device Groups

Get all device groups:

GET https://{{ClearPass-Base-URL}}/api/network-device-group

 

Get single device group:

GET https://{{ClearPass-Base-URL}}/api/network-device-group/{{device-group-id}}

 

Add device to device group:

PATCH https://{{ClearPass-Base-URL}}/api/network-device-group/{{device-group-id}}

 

{
"value": "100.81.0.11"
}

 

NOTE. This will override the field, so if you are adding a value, you need suck in the old values, and append the new one.

 


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II
Posts: 38
Registered: ‎04-22-2016

Re: Clearpass API Read/Write Device Groups

Thank you - that pointed me in the right direction. The API URL is actually https://{clearpass-server}/tipsapi/config/read/NadGroup.

 

I was then able to build the XML and apply a filter criteria to get the specific groups I need. Should be relatively simple to build the XML to append to that list and write back to Clearpass. Thanks!

Guru Elite
Posts: 8,637
Registered: ‎09-08-2010

Re: Clearpass API Read/Write Device Groups

That's the legacy SOAP API. You should use the new RESTful API which is what I posted.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II
Posts: 38
Registered: ‎04-22-2016

Re: Clearpass API Read/Write Device Groups

Ok, thanks - hadn't realized the API was updated.

 

Can you point me in the direction of documentation? I tried the URL you sent and it did not work - is there a minimum version for REST API support?

Guru Elite
Posts: 8,637
Registered: ‎09-08-2010

Re: Clearpass API Read/Write Device Groups

API explorer lives at /api-docs

 

High-level doc here: https://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/Command/Core_Download/Default.aspx?EntryId=22490


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II
Posts: 38
Registered: ‎04-22-2016

Re: Clearpass API Read/Write Device Groups

Thanks again, Tim - I'm getting 403 forbidden errors attemptin to just use the API explorer. Shouldn't the base HTTP authentication work for this purpose?

Guru Elite
Posts: 8,637
Registered: ‎09-08-2010

Re: Clearpass API Read/Write Device Groups

Are you using a browser? It will redirect you to login.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II
Posts: 38
Registered: ‎04-22-2016

Re: Clearpass API Read/Write Device Groups

Yes - the redirect occurred and I logged in, but now I'm getting 403 errors using the API explorer. I encountered this issue in the past which had me resorting to the SOAP API.

Guru Elite
Posts: 8,637
Registered: ‎09-08-2010

Re: Clearpass API Read/Write Device Groups

Screenshot please.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
Showing results for 
Search instead for 
Did you mean: