Cisco Cisco ASA 5555-X Adaptive Security Appliance
About the ASA REST API v1.2.2
Special APIs
AAA validation failure/Authorization header not present. | 401 Unauthorized
Authentication success. | 204 No Content + X-Auth-Token <token id> (header)
Can’t get username/password from the header, or any other sanity check failures. | 400 Bad Request
Maximum sessions reached. Note: The maximum number of sessions per context is 25. | 503 Service unavailable
To delete a token, issue DELETE to URL: /api/tokenservices/<token>
The request payload is empty. User information should be in the basic authentication header.
The response could be:
Reason | HTTP Status Code
AAA validation failure/Invalid token. | 401 Unauthorized
Success. | 204 No Content
Can’t get user name/password from the header, or any other sanity check failures. | 400 Bad Request
Notes:
• The existing syslogs 605004 and 605005 are used for creating/deleting a token.
• The existing syslog 109033 is used for the case where “Challenge” is requested by the authentication server, to inform the user that it is “unsupported.”
• When a REST API request is received, it is checked first for an 'X-Auth-Token' header; if it is not present, the server falls back to basic authentication.
• The generated token database is held in memory on the ASA and is not replicated across failover pairs or clusters. In other words, if failover happens within a failover pair, or a cluster master device changes, authentication will need to be performed again.
• For a multi-context device, the token is received for the admin context and it can be used for configuring any other context as well.
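The status tables and notes above, turned into client-side token handling. This is an added example, not code from Cisco's documentation: it creates a token, retries once when the ASA no longer knows it (for example after failover), and deletes it on logout so it stops counting against the 25-session limit. Assumptions: `AsaTokenSession`, `TokenError` and the `send` transport hook are hypothetical names, token creation uses POST to /api/tokenservices (this section shows only the DELETE URL), and a 401 on an ordinary request is treated as a lost token.

```python
from typing import Callable, Dict, Optional, Tuple

Response = Tuple[int, Dict[str, str]]                       # (status code, headers)
Transport = Callable[[str, str, Dict[str, str]], Response]  # hypothetical hook: (method, path, headers)
TOKEN_URL = "/api/tokenservices"
LOGIN_ERRORS = {  # reasons from the token-creation status table
    401: "AAA validation failure or Authorization header not present",
    400: "credentials unreadable from header, or sanity check failed",
    503: "maximum sessions reached (25 per context)",
}

class TokenError(Exception):
    """Token could not be created or deleted."""

class AsaTokenSession:
    def __init__(self, send: Transport, basic_auth: str):
        self.send, self.basic_auth = send, basic_auth   # basic_auth: Authorization header value
        self.token: Optional[str] = None

    def login(self) -> str:
        status, headers = self.send("POST", TOKEN_URL, {"Authorization": self.basic_auth})
        token = {k.lower(): v for k, v in headers.items()}.get("x-auth-token")
        if status != 204 or not token:
            raise TokenError(LOGIN_ERRORS.get(status, f"unexpected status {status}"))
        self.token = token
        return token

    def request(self, method: str, path: str) -> Response:
        """Send with X-Auth-Token; on 401 (token lost, e.g. after failover) log in again once."""
        if self.token is None:
            self.login()
        resp = self.send(method, path, {"X-Auth-Token": self.token})
        if resp[0] == 401:
            self.token = None
            self.login()
            resp = self.send(method, path, {"X-Auth-Token": self.token})
        return resp

    def logout(self) -> None:
        """Delete the token so it stops counting against the session limit."""
        if self.token is None:
            return
        status, _ = self.send("DELETE", f"{TOKEN_URL}/{self.token}", {"Authorization": self.basic_auth})
        self.token = None  # never reuse it, whatever the ASA answered
        if status != 204:
            raise TokenError(f"token delete returned {status}")
```

Sending the basic-auth credentials only to the token service, and the token everywhere else, keeps the password off routine requests; calling `logout()` in a `finally` block avoids exhausting the per-context session limit with abandoned tokens.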