Cisco Cisco ASA 5580 Adaptive Security Appliance
About the ASA REST API
REST API Authentication
REST API Authentication
6
Object ‘rangeInfo’
Most collection resources will contain a rangeInfo object in it, which will provide details on the range of items currently
contained in the collection. The GET and Query API support pagination and will never return more than a predefined MAX
contained in the collection. The GET and Query API support pagination and will never return more than a predefined MAX
number of items. So if you have 20,000 network objects, you cannot get all of it in one single call. Also in the API request
you can specify the offset and the limit from that offset that should be returned in the result. The result will always
contain a rangeInfo specifying what was the offset and limit that are being returned and the total items.
contain a rangeInfo specifying what was the offset and limit that are being returned and the total items.
"rangeInfo": {
"offset": integer,
"limit": integer,
"total": integer,
},
Maximum accepted value of limit will be 100; if REST Client queries for more than 100 items, if more than 100 items
available, only 100 items will be returned and total will indicate the available item count.
available, only 100 items will be returned and total will indicate the available item count.
REST API Authentication
HTTP Basic Authentication with secure HTTPS transport- Basic Authorization header must be added to every REST API
request and authentication will be performed for every request.
Note: It is recommended to use Certificate Authority (CA) issued certificates on ASA, so that REST API clients can
validate the server certificates of ASA during the SSL connection establishment.
Privilege 3 or greater is needed to invoke monitoring APIs. Privilege 5 or greater is needed for invoking GET APIs.
Privilege 15 is needed for invoking PUT/POST/DELETE operations.
REST API Conventions
Standard REST API conventions for using the HTTP request methods are as follows:
• An HTTP PUT request is used to replace, update, or modify an existing resource, while HTTP POST is used to
create a new resource (or any action that is not covered by PUT). You must not use HTTP PUT to create a
resource.
Note: Some types of object—for example, management access host and any ACE—are identified by a hash value
which is calculated based on several of the object’s parameters. If you use HTTP PUT to change any of
these parameters, the object’s hash value changes. Since this value identifies the object, it might seem
that the HTTP PUT call created a new object, but this is in fact not the case.
• The request body of an HTTP PUT request must contain the complete representation of the mandatory attributes
of the resource.