Security

I am currently trying to use ClearPass API to view and create new devices under GuestManager. However I am having issues with simply trying to "post" to /api/device endpoint. I am using advanced rest client in order to test

 

Headers

Authorization: Bearer <access token>

Content-Type: application/json

 

Body

{
"sponsor_name": "name", //same as logged in user
"mac": "00-00-00-00-00-01",

"username": "00-00-00-00-00-01", // explorer says to use mac
"source":"mac_create",
"visitor_name": "visitor name " //field used as a label in device table
}

 

Biggest problem is that in the API explorer all the fields say "optional" so I am not sure which ones I need to specify. 

 

The access token is valid, I can make a "get" request to /device and see all the devices listed. When I try to post, the repsonse is 200 with no error or any responses. But when I go to  Guest > Manage Devices the device is not listed in the table. I can use the "add device" button found on that page which works as expected but cant seem to get the API to work

 

I might be missing something simple but I am not sure what. Any help would be appreciated. 

 

Thanks,

Monil 

Below is a sample payload.

So this will create a new device account with role ID 16, with no expiration and a device nickname of iap205h-br.

 

{
  "enabled": true,
  "expire_time": "0",
  "mac": "000b86f5fb22",
  "notes": "",
  "role_id": 16,
  "visitor_name": "iap205h-br"
}

The server responds with a 200 OK, but the response contains no data and no device is created.

 

I am sending:

HEADERS

Authorization: Bearer <actual token>
Content-Type:application/json

BODY

{
"enabled": true,
"expire_time": "0",
"mac": "000b86f5fb22",
"notes": "",
"role_id": 13,
"visitor_name": "iap205h-br"
}

You need to adapt the payload to your environment. You likely don't have a
role 13.

Right. I've been trying to figure out the Role ID of the Operator Profile we want to use.

1.) Am I correct in thinking that role_id -> Operator Profile

2.) How can I find the proper IDs to use?

also I am trying to use operator profile Device Registration, so I set up the API client with that profile and gave api access to it with no luck. I can still get a list of devices, but not create a new one through the API,

 

not sure if I am missing a step with setting up the API client. 

Please describe your complete scenario or reach out to your Aruba ClearPass
Partner.

Please describe your complete scenario or reach out to your Aruba ClearPass
Partner.

just in general is there any official documentation besides the API explorer, on general setup of the API and how to use it. I've been following this link 

 

https://community.arubanetworks.com/aruba/attachments/aruba/aaa-nac-guest-access-byod/20924/1/Using%20the%20ClearPass%20HTTP%20APIs.pdf

 

however as you can see it says DRAFT across each page, and some some additional documentation would be nice.

http://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/Command/Core_Download/Method/attachment/Default.aspx?EntryId=22490

For device registration, role ID is used for role based access for the
device you're registering. Some examples include "Media Player", "Game
Console", "Printer", "Camera", etc. You map these roles to a number in the
[Guest Roles] role map in policy manager.

You need to adapt the payload to your environment. You likely don't have a
role 13.