Cisco Cisco ASA 5580 Adaptive Security Appliance
About the ASA REST API v1.1.1
Resource Identity
Resource Identity
4
• ASA HTTP server opens the connection to REST Agent using TCP channel, and writes the HTTP request to the
REST Agent.
• ASA HTTP server waits for REST Agent process’s response.
• REST Agent processes API request, picks the session/user info and invokes CLI commands request to LINA
listening on localhost port in ASA. REST Agent includes the session/user info in the request.
• Lina admin handler processes the CLI commands and collects the results output.
• Lina sends the response for the CLI commands request to REST Agent.
• REST Agent prepares the response for REST API request and sends to the ASA HTTP server.
• ASA HTTP server forwards the response to the client. Server doesn’t do any processing on the response
received from REST Agent process.
Resource Identity
All Resources will have a unique identifier ‘objectId’ which will be either a natural unique name for the given type given
by user or a generated hash out of composite unique attributes. Note that CLI has no notion of UID so it’s not possible for
by user or a generated hash out of composite unique attributes. Note that CLI has no notion of UID so it’s not possible for
REST Agent to generate any distinct unique identifier since REST Agent is stateless.
Example:
{
kind: "object#AccessGroup",
selfLink: "https://<asa_ip>/api/access/in/inside",
ACLName: "inside_in_acl",
direction: "IN",
interface: {
kind: "objectRef#Interface",
refLink: "https://<asa_ip>/api/interfaces/physical/GigabitEthernet0_API_SLASH_1",
objectId: "GigabitEthernet0_API_SLASH_1",
name: "inside"
}
}
Attribute ‘selfLink’
This is complete URL for a resource specified within the JSON object of an object. This is useful when a collection is
retrieved to traverse to individual items without figuring out through documentation on how to construct URL to reach to
an object from its objectId. This attribute will be specified in JSON object of every resource.
The objectId part of the selfLink will be URL encoded, whether the selfLink is part of JSON response or location header.
Whenever an API request comes, first canonicalization check will be done on the request URL to check for any double or
mixed encodings. If URL is double encoded, 400 bad request will be returned. If it passes canonicalization check, then
the request URL is URL-decoded and sent for further processing.
the request URL is URL-decoded and sent for further processing.