Security

Reply
Contributor I

Clearpass API Read/Write Device Groups

I'm looking for the correct syntax to read the contents of a Clearpass Device Group as well as add a member to an existing group via the API. I have successfully setup API calls to read and write endpoints, but I'm not sure the syntax for Device Groups. Thanks!

Guru Elite

Re: Clearpass API Read/Write Device Groups

Get all device groups:

GET https://{{ClearPass-Base-URL}}/api/network-device-group

 

Get single device group:

GET https://{{ClearPass-Base-URL}}/api/network-device-group/{{device-group-id}}

 

Add device to device group:

PATCH https://{{ClearPass-Base-URL}}/api/network-device-group/{{device-group-id}}

 

{
"value": "100.81.0.11"
}

 

NOTE. This will override the field, so if you are adding a value, you need suck in the old values, and append the new one.

 


| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Contributor I

Re: Clearpass API Read/Write Device Groups

Thank you - that pointed me in the right direction. The API URL is actually https://{clearpass-server}/tipsapi/config/read/NadGroup.

 

I was then able to build the XML and apply a filter criteria to get the specific groups I need. Should be relatively simple to build the XML to append to that list and write back to Clearpass. Thanks!

Guru Elite

Re: Clearpass API Read/Write Device Groups

That's the legacy SOAP API. You should use the new RESTful API which is what I posted.


| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Contributor I

Re: Clearpass API Read/Write Device Groups

Ok, thanks - hadn't realized the API was updated.

 

Can you point me in the direction of documentation? I tried the URL you sent and it did not work - is there a minimum version for REST API support?

Guru Elite

Re: Clearpass API Read/Write Device Groups

API explorer lives at /api-docs

 

High-level doc here: https://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/Command/Core_Download/Default.aspx?EntryId=22490


| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Contributor I

Re: Clearpass API Read/Write Device Groups

Thanks again, Tim - I'm getting 403 forbidden errors attemptin to just use the API explorer. Shouldn't the base HTTP authentication work for this purpose?

Guru Elite

Re: Clearpass API Read/Write Device Groups

Are you using a browser? It will redirect you to login.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Contributor I

Re: Clearpass API Read/Write Device Groups

Yes - the redirect occurred and I logged in, but now I'm getting 403 errors using the API explorer. I encountered this issue in the past which had me resorting to the SOAP API.

Guru Elite

Re: Clearpass API Read/Write Device Groups

Screenshot please.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: